View

Sorting

Products found: 1

logo
Offer a reference bonus
0.00

AlphaSOC Network Behavior Analytics for Splunk

Our Splunk applications instantly score network logs to identify emerging threats and anomalies within networks. Non-Splunk users can access our API directly and create custom integrations with our SDK. Use Network Behavior Analytics for Splunk to quickly uncover infected hosts and threats to your environment. The Splunk app processes and submits network telemetry (CIM-compliant DNS, IP, and HTTP events) to the AlphaSOC Analytics Engine for scoring, and retrieves security alerts and data for investigation. The AlphaSOC Analytics Engine performs deep investigation of the material, such as:
  • Volumetric and quantitative analysis (counting events, identifying patterns)
  • Resolving FQDNs and domains to gather context (identifying sinkholes and ASN values)
  • Breakdown and analysis of each FQDN label (i.e. hostname, domain, TLD)
  • Gathering of reputation data (e.g. WHOIS and associated malware samples)
  • Categorization of traffic based on known patterns (e.g. C2, P2P, VPN, cryptomining)
Particular use cases solved by Network Behavior Analytics include:
  • Uncovering C2 callbacks and traffic to known sinkholes
  • Tor, I2P, and Freenet anonymized circuit identification
  • Cryptomining and JavaScript cryptojacking detection
  • Flagging traffic to known phishing domains
  • Brand impersonation detection via Unicode homoglyphs and transpositions
  • Flagging multiple requests for DGA domains, indicating infection
  • DNS and ICMP tunneling and exfiltration detection
  • Alerting of lateral movement and active network scanning
  • Policy violation flagging (e.g. third-party VPN and P2P use)
... Learn more
-
-
ROI-
-
2
16

The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks and problems. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.