for Splunk powered by NetFlow Integrator — This app
allows organizations to index NetFlow data in Splunk Enterprise for
security or network monitoring use cases. It does this by leveraging the
app and NetFlow Logic’s NetFlow Integrator to convert binary NetFlow
into a human-readable, syslog format that is then indexed in Splunk
software. The app also contains pre-built reports and dashboards to more
easily visualize network flows that may be security threats. New in
version 3.1 is enhanced support for NetFlow V9 and new visualizations.

Splunk Integration with the Norse IPViking feed — Norse uses a global network of sensors to identify risky or
malicious IP addresses, uncover more information about these IP
addresses and assign them a risk score. Norse then makes this
information available through their live IPViking threat intelligence
feed. The proof-of-concept integration being shown enables Splunk users
to automatically or manually apply the IPViking threat intelligence feed
to data in Splunk in order to identify high-risk network and endpoint
activity associated with malicious IPs or to add more contextual
information to an IP address to facilitate a security investigation.
High-risk activity that could be identified or blocked includes external
IPs attempting DDoS attacks or acting as CnC servers.

App for Palo Alto Networks — The Splunk App for Palo
Alto Networks ingests the context-rich machine data from Palo Alto
Networks next-generation firewalls to enable organizations to analyze
risk, improve security posture and compliance and address a number of
additional operational and regulatory concerns. The app contains
pre-built searches, reports and dashboards to visualize a wide range of
Palo Alto Networks data including application and user, intrusion
prevention system (IPS), antivirus and content filtering events. New in
version 3.3 are visualizations that show events from WildFire, Palo Alto
Networks’ technology for detecting advanced persistent threats (APTs).

For the latest Splunk security solutions, please visit the security
section of the Splunk website. For more information about Black Hat
USA 2013, please go to http://www.blackhat.com/us-13/.