The logs that can be collected and analyzed by this powerful and relatively inexpensive tool are as follows:
- Logs created by security equipment such as IPS, Firewall, Antivirus
- Logs created by internal services such as AD, DNS, IIS, Apache, DHCP
- Logs created by network infrastructure equipment such as Switch, Router
- Logs created by internal software such as automation, finance and more
- Logs created by different operating systems
- Logs created by smart and mobile devices
- Logs created by electronic equipment such as electric doors, elevators, sensors, traffic control
Other extensions of this tool that are used to make the SIEM more powerful are:
- Splunk User Behavior Analytics
- Splunk Insights for Ransomware
Splunk is a multinational company specializing in the collection, storage, indexing and correlation of large volumes of data in a searchable repository. The company's tools allow users to present different graphs, reports and alerts.
One of the company's important products is Splunk Enterprise, which collects and analyzes logs in bulk.
The extension discussed here is a Splunk plug-in that is used to launch the SIEM, enabling SOCs to quickly detect all known, and even unknown, attacks originating internally or externally. This extension is installed on Splunk Enterprise.