Categories
Problems it solves
Shortage of in-house software developers
Shortage of in-house IT resources
Shortage of in-house IT engineers
High costs of IT personnel
Values
Reduce Costs
Enhance Staff Productivity
AlphaSOC Network Behavior Analytics for Splunk
Are you flooded with false positives and thousands of alerts each day? Our analytics tools are trusted by hundreds of enterprises to serve clear, high-fidelity alerts to security teams.
About Product
Description
Our Splunk applications instantly score network logs to identify emerging threats and anomalies within networks. Non-Splunk users can access our API directly and create custom integrations with our SDK.
Use Network Behavior Analytics for Splunk to quickly uncover infected hosts and threats to your environment. The Splunk app processes and submits network telemetry (CIM-compliant DNS, IP, and HTTP events) to the AlphaSOC Analytics Engine for scoring, and retrieves security alerts and data for investigation.
The AlphaSOC Analytics Engine performs deep investigation of the submitted telemetry, such as:
- Volumetric and quantitative analysis (counting events, identifying patterns)
- Resolving FQDNs and domains to gather context (identifying sinkholes and ASN values)
- Breakdown and analysis of each FQDN label (i.e. hostname, domain, TLD)
- Gathering of reputation data (e.g. WHOIS and associated malware samples)
- Categorization of traffic based on known patterns (e.g. C2, P2P, VPN, cryptomining)
- Uncovering C2 callbacks and traffic to known sinkholes
- Tor, I2P, and Freenet anonymized circuit identification
- Cryptomining and JavaScript cryptojacking detection
- Flagging traffic to known phishing domains
- Brand impersonation detection via Unicode homoglyphs and transpositions
- Flagging multiple requests for DGA domains, indicating infection
- DNS and ICMP tunneling and exfiltration detection
- Alerting of lateral movement and active network scanning
- Policy violation flagging (e.g. third-party VPN and P2P use)