Upload File

splunk for centrify

2
Delivering the Control, Visibility and Security of Your Cross-Platform Data Center Splunk App for Centrify Insight FACT SHEET Splunk is the engine for machine data that gives system administrators and security specialists visibility and control of highly complex Active Directory environments. Splunk aggregates, correlates and monitories all security event logs and changes to AD schema. Why Splunk for Centrify Insight Centrify Suite can easily create reports that show what systems users have accessed and reveal their *NIX attributes. All of this information is centrally stored in Centrify Zones within Active Directory, making it easy to manage and report. Using Splunk for Centrify Insight you can also determine: Who Zone-enabled a user? When *NIX attribute(s) were changed? What Zone-groups have been modified? What changes were made to Active Directory Users, Groups and Computer objects? Active Directory Security Insights Understanding and monitoring changes to the settings of Active Directory Objects can mean the difference between the right or wrong person having access to proprietary data or specific applications. The ability to be alerted to changes, see the change deltas and know who made the changes, supports the security and compliance best practice of separation of duties. Changes to Active Directory objects (users, groups and computers) and the timing (adds, modifies, deletes or undeletes) can indicate malicious activity and the first step in the compromise of your proprietary data. Splunk App for Centrify Insight Centrify Insight is a Splunk application that listens to Active Directory domain controllers and security event logs as well as *NIX syslog and Centrify Suite logs to provide the insight you need to answer security and forensic questions about Centrify secured systems. This data is captured and summarized into a series of reports and metrics that can be displayed, reported, alerted and analyzed at a granular level. Centrify Insight provides the visibility you need with an easy-to-use search interface and pre-built interactive reports based on the mature and popular Splunk platform. And best of all, Centrify is making this available for free! The Challenge Heterogeneous IT environments have become the standard both for server operating systems and the applications that run on them. With diverse operating systems and applications spanning physical, virtual and cloud-based environments, along with more Java- and web-based applications, the trend toward diversity is only accelerating. Not surprisingly, interoperability among these diverse platforms is a key concern for IT managers. Reducing complexity has become even more critical in the past few years as an uncertain economy has put renewed focus on reducing expenses and leveraging existing investments. Meanwhile, security and compliance have become even more critical as organizations cope with a dynamic business environment that includes mergers and acquisitions, staff reductions and outsourcing. The Solution Splunk Enterprise and Centrify can deliver the control and visibility you need to establish and manage the security of your cross-platform data center. You get a deeper insight into Active Directory status and the local system changes that affect the security and compliance of your environment. Centrify Suite The Centrify Suite lets you centrally control, secure and audit the access to your cross-platform systems and applications by leveraging your existing Active Directory infrastructure. Built on an integrated architecture, the Centrify Suite enables organizations to strengthen security, enhance regulatory compliance initiatives, reduce IT expense and complexity and improve end-user productivity. The Centrify Suite—consisting of DirectControl, DirectAuthorize, DirectAudit, DirectSecure and DirectManage—delivers secure authentication and single sign- on, role-based access control, privileged identity management, user-level auditing, server isolation and encryption of data-in- motion for the industry’s broadest set of heterogeneous systems and applications. Splunk for Active Directory Splunk is perfectly suited for monitoring and auditing Active Directory logs because it matches the flexibility of Active Directory and can scale linearly as your Active Directory environment grows. Splunk can manage and analyze any data from any source type without requiring connectors. In addition, Splunk can not only manage Active Directory’s huge amount of data for trending and compliance requirements, it can handle complex event processing for real-time monitoring and alerting.

Upload: greg-hanchin

Post on 18-Jul-2015

139 views

Category:

Technology


4 download

Report

TRANSCRIPT

  • Delivering the Control, Visibility and Security of Your Cross-Platform Data Center

    Splunk App for Centrify Insight

    F A C T S H E E T

    Splunk is the engine for machine data that gives system administrators and security specialists visibility and control of highly complex Active Directory environments. Splunk aggregates, correlates and monitories all security event logs and changes to AD schema.

    Why Splunk for Centrify Insight Centrify Suite can easily create reports that show what systems users have accessed and reveal their *NIX attributes. All of this information is centrally stored in Centrify Zones within Active Directory, making it easy to manage and report. Using Splunk for Centrify Insight you can also determine:

    Who Zone-enabled a user?

    When *NIX attribute(s) were changed?

    What Zone-groups have been modified?

    What changes were made to Active Directory Users, Groups and Computer objects?

    Active Directory Security Insights

    Understanding and monitoring changes to the settings of Active Directory Objects can mean the difference between the right or wrong person having access to proprietary data or specific applications. The ability to be alerted to changes, see the change deltas and know who made the changes, supports the security and compliance best practice of separation of duties. Changes to Active Directory objects (users, groups and computers) and the timing (adds, modifies, deletes or undeletes) can indicate malicious activity and the first step in the compromise of your proprietary data.

    Splunk App for Centrify InsightCentrify Insight is a Splunk application that listens to Active Directory domain controllers and security event logs as well as *NIX syslog and Centrify Suite logs to provide the insight you need to answer security and forensic questions about Centrify secured systems. This data is captured and summarized into a series of reports and metrics that can be displayed, reported, alerted and analyzed at a granular level. Centrify Insight provides the visibility you need with an easy-to-use search interface and pre-built interactive reports based on the mature and popular Splunk platform. And best of all, Centrify is making this available for free!

    The ChallengeHeterogeneous IT environments have become the standard both for server operating systems and the applications that run on them. With diverse operating systems and applications spanning physical, virtual and cloud-based environments, along with more Java- and web-based applications, the trend toward diversity is only accelerating.

    Not surprisingly, interoperability among these diverse platforms is a key concern for IT managers. Reducing complexity has become even more critical in the past few years as an uncertain economy has put renewed focus on reducing expenses and leveraging existing investments.

    Meanwhile, security and compliance have become even more critical as organizations cope with a dynamic business environment that includes mergers and acquisitions, staff reductions and outsourcing.

    The SolutionSplunk Enterprise and Centrify can deliver the control and visibility you need to establish and manage the security of your cross-platform data center. You get a deeper insight into Active Directory status and the local system changes that affect the security and compliance of your environment.

    Centrify SuiteThe Centrify Suite lets you centrally control, secure and audit the access to your cross-platform systems and applications by leveraging your existing Active Directory infrastructure. Built on an integrated architecture, the Centrify Suite enables organizations to strengthen security, enhance regulatory compliance initiatives, reduce IT expense and complexity and improve end-user productivity. The Centrify Suiteconsisting of DirectControl, DirectAuthorize, DirectAudit, DirectSecure and DirectManagedelivers secure authentication and single sign-on, role-based access control, privileged identity management, user-level auditing, server isolation and encryption of data-in-motion for the industrys broadest set of heterogeneous systems and applications.

    Splunk for Active DirectorySplunk is perfectly suited for monitoring and auditing Active Directory logs because it matches the flexibility of Active Directory and can scale linearly as your Active Directory environment grows. Splunk can manage and analyze any data from any source type without requiring connectors. In addition, Splunk can not only manage Active Directorys huge amount of data for trending and compliance requirements, it can handle complex event processing for real-time monitoring and alerting.

  • www.splunk.comlisten to your data

    250 Brannan St, San Francisco, CA, 94107 [email protected] | [email protected] 866-438-7758 | 415-848-8400 www.splunkbase.com

    F A C T S H E E T

    Copyright 2012 Splunk Inc. All rights reserved. Splunk Enterprise is protected by U.S. and international copyright and intellectual property laws. Splunk is a registered trademark or trademark of Splunk Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies. Item # FS-Splunk-Centrify Insight-101

    About SplunkSplunk collects, indexes and harnesses machine data generated by an organizations IT systems and infrastructurephysical, virtual and in the cloud. Machine data is unstructured, massive in scale and contains a categorical record of all transactions, systems, applications, user activities, security threats and fraudulent activity.

    Splunk has the flexibility to collect all your data sources, the scalability to work across your entire infrastructure and the power to provide deep drilldown, statistical analysis and real-time, custom dashboards to anyone in your organization.

    About CentrifyCentrify delivers integrated software solutions that centrally control, secure and audit access to cross-platform systems and applications using Microsoft Active Directory. Centrify is deployed in production on hundreds of thousands of mission critical servers. Over 3,000 organizations rely on Centrifys identity consolidation and privilege management solutions to reduce IT expenses, strengthen security and meet compliance requirements.

    Features Real-time views and alerts of scheduled or ad-hoc policy

    changes

    Intuitive visualizations of key performance indicators (KPIs) using pre-built dashboards that monitor configuration changes

    Timely alert-setting to notify you when specific changes are made to Active Directory

    Robust scheduling and reporting

    Customizable graphics and dashboards

    Scalable, universal real-time log event collection and indexing from any application, server, network or security device

    Easy-to-use interface facilitates communication of status and issues across the organization

    F A C T S H E E T

    Free DownloadDownload Splunk for free. Youll get a Splunk Enterprise license for 60 days and you can index up to 500 megabytes of data per day. After 60 days, or anytime before then, you can convert to a perpetual Free license or purchase an Enterprise license by contacting [email protected].


FireEye App for Splunk Enterprise · 7 FireEye App for Splunk Enterprise Documentation Version 1.1 Installing the FireEye App for Splunk Enterprise Use the App Manager within Splunk

Centrify PuTTY User s Guide...Centrify PuTTY User s Guide Author Centrify Corporation Created Date 8/22/2018 12:41:42 PM

Centrify Adedit Guide

Splunk Validated Architectures · Splunk Engineers Responsible for managing the Splunk lifecycle. Managed Service Providers Entities that deploy and run Splunk as a service for customers

Centrify for saa s & apps pt-br

Splunk App for StreamMany Solutions, One Goal. Some history •Splunk acquires Cloudmeter, December 2013 •Renamed Splunk App for Stream •Released with Splunk 6.0 (August, 2014)

Centrify Dropbox Presentation

Splunk conf2014 - Splunk for Data Science

Rivium Splunk Windows · o Splunk Enterprise Security * o uberAgent* o Splunk App for Web Analytics Common Splunk Apps & Add-ons 15 SplunkingWIndows o Splunk Add-on for Microsoft

CENTRIFY FOR MAC WORKSTATIONSagrilifecdn.tamu.edu/.../AgriLife-Centrify-For-Mac-Installation-Guide.pdf · The process consists of two parts: Install Centrify Software and Join the

Welcome to Centrify DirectControl Agent for Mac, …Installing on Macintosh OS 10.10 “Yosemite” If you are running the current release of Centrify, you MUST UPGRADE Centrify BEFORE

Centrify for servers pt br

Splunk conf2014 - Using Selenium and Splunk for Transaction Monitoring Insight

Centrify Identity Services Platform Events and ArcSight ... · Centrify Identity Services Platform Events and ArcSight CEF Guide . September 2018 . Centrify Corporation . Abstract

Centrify PuTTY

Referent / Redner Benjamin Tiggemann · 2015-07-08 · Splunk for Exchange Splunk for Enterprise Security* Splunk for Vmware Splunk for PCI Compliance* Splunk for Windows Splunk for

Netfilter Iptables for Splunk Documentation - Read the Docs · Netfilter Iptables for Splunk Documentation, Release 0 Splunk Answers Splunk has a strong community of active users

Centrify Intellect event

Centrify for mac & mobile pt br

Welcome to Centrify DirectControl Agent for Mac, Centrify ... · Welcome to Centrify DirectControl Agent for Mac, ... Release Notes for Centrify DirectControl Agent for Mac, Centrify

Centrify DirectManage: Group Policy Managementtechnology.pitt.edu/.../2014-01_Centrify_Group_Policy_Management.pdf · Accessing Centrify Settings for Group Policy Management 1. Navigate

Splunk for Security

Centrify for Samsung KNOX - Launch Overview

Centrify Apache Guide

How to configure Centrify Identity Services for RADIUS to configure Centrify Identity Services for RADIUS • 1 How to configure Centrify Identity Services for RADIUS Centrify Identity

Admission Control using Splunk Enterprise Deployment Guide€¦ · Configuring Splunk Enterprise ... For more information on Splunk configuration, see Splunk documentation. Troubleshooting

Splunk For IT Operational Intelligence · • Splunk Apps –Splunk App for VMware –Splunk Apps for Citrix & Hyper V –Splunk App for Microsoft Exchange –Splunk App for Active

Splunk conf2014 - Splunk Monitoring - New Native Tools for Monitoring your Splunk Deployment

Auditing with Centrify Server Suite Administrator’s … with Centrify Server Suite Administrator’s Guide June 2017 Centrify Corporation Legal notice This document and the software

ComponentSpace SAML for ASP.NET Core Centrify ......ComponentSpace SAML for ASP.NET Core Centrify Integration Guide 10 SAML Logout SP-initiated logout returns the user to the Centrify

Netfilter Iptables for Splunk Documentation - Read … · Netfilter Iptables for Splunk Documentation, Release 0 Splunk Answers Splunk has a strong community of active users and

Single Sign-On for SAP R/3 on UNIX with Centrify ...hosteddocs.ittoolbox.com/centrify-ssoforsaponunixandlinux-10.10.08.pdf · Single Sign-On for SAP R/3 on UNIX with Centrify DirectControl

Centrify Identity and Access Management for Hortonworkscommunity.centrify.com/centrify/attachments/centrify/techblog/22/3... · Centrify Identity and Access Management for Hortonworks

Centrify for Splunk Integration GuideSplunk Forwarder on the Windows and the Unix machines Centrify Add-on for Splunk on both types of machines The inputs.conf file in the Centrify

Using Splunk for CDM and CMaaS · USING SPLUNK® FOR CDM AND CMAAS The Platform for Machine Data Splunk Enterprise is the platform for machine data. Splunk software enables the …