FlowTraq for Splunk combines infinitely scalable traffic handling, full forensic drill-down, and smart Network Behavioral Intelligence paired with Splunk’s powerful event correlation. See with unprecedented clarity how all of your alerts correlate to your traffic to find hackers, malware, and data thieves faster than ever.
FlowTraq for Splunk bridges the gap between your Security Information Events and your full-fidelity NetFlow storage. All the forensic investigation power of FlowTraq shown side-by-side with any Splunk event. The FlowTraq for Splunk App is easy to install, easy to use, and provides seamless transitions all the way from high-level event monitoring to inspecting individual flow records.
FlowTraq for Splunk uses your existing FlowTraq install for flow correlation and retrieval — it doesn’t add a single byte to your collection overhead, no matter how high your network volume. FlowTraq specializes in flow analysis, Splunk specializes in event analysis; the combination keeps your Splunk collection lean while offering full access to billions of session records in FlowTraq.
Investigating security alerts has never been easier. Splunk’s events database and powerful general filtering make it easy to find important events in your logs, Intrusion Detection system (IDS) alerts, firewall and web server events. With FlowTraq for Splunk you get full context for your FlowTraq Network Behavioral Intelligence (NBI) events, and every intrusion attempt, denial of service attack, and spam email.
FlowTraq for Splunk uses a separate FlowTraq deployment for analyzing and processing flow records. With the FlowTraq Virtual Appliance, you can have FlowTraq deployed and running in no time. Or, you can use FlowTraq Cloud, and connect FlowTraq for Splunk in one step for full-fidelity context without the hassle of managing another server.
For system requirements, installation and configuration instructions read more technical details at Getting Started with FlowTraq for Splunk.