AlphaSOC Network Behavior Analytics for Splunk

Problems that it solves

Shortage of inhouse software developers

Shortage of inhouse IT resources

Shortage of inhouse IT engineers

High costs of IT personnel

Values

Reduce Costs

Enhance Staff Productivity


Are you flooded with false positives and thousands of alerts each day? Our analytics tools are trusted by hundreds of enterprises to serve clear, high-fidelity alerts to security teams.

Description

Our Splunk applications instantly score network logs to identify emerging threats and anomalies within networks. Non-Splunk users can access our API directly and build custom integrations with our SDK. Use Network Behavior Analytics for Splunk to quickly uncover infected hosts and threats to your environment. The Splunk app processes network telemetry (CIM-compliant DNS, IP, and HTTP events), submits it to the AlphaSOC Analytics Engine for scoring, and retrieves the resulting security alerts and supporting data for investigation. The AlphaSOC Analytics Engine performs deep analysis of the submitted telemetry, including:
  • Volumetric and quantitative analysis (counting events, identifying patterns)
  • Resolving FQDNs and domains to gather context (identifying sinkholes and ASN values)
  • Breakdown and analysis of each FQDN label (i.e. hostname, domain, TLD)
  • Gathering of reputation data (e.g. WHOIS and associated malware samples)
  • Categorization of traffic based on known patterns (e.g. C2, P2P, VPN, cryptomining)
Particular use cases solved by Network Behavior Analytics include:
  • Uncovering C2 callbacks and traffic to known sinkholes
  • Tor, I2P, and Freenet anonymized circuit identification
  • Cryptomining and JavaScript cryptojacking detection
  • Flagging traffic to known phishing domains
  • Brand impersonation detection via Unicode homoglyphs and transpositions
  • Flagging repeated requests for DGA-generated domains, which indicate infection
  • DNS and ICMP tunneling and exfiltration detection
  • Alerting on lateral movement and active network scanning
  • Policy violation flagging (e.g. third-party VPN and P2P use)
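To make the "FQDN label breakdown" and "volumetric analysis" steps above concrete, and the DGA and DNS-tunneling use cases they feed, here is a small standalone Python illustration. It is an added example written for this page, not code from the AlphaSOC app, SDK, or Analytics Engine, and it does not reproduce their logic: the public-suffix subset, the field names (CIM Network Resolution style: `src`, `query`, `record_type`, `reply_code`), the thresholds, and the sample events are all constructed assumptions. It splits each queried name into hostname, registered domain, and TLD, then counts distinct long, high-entropy subdomains per (source, domain) as a tunneling signal and distinct NXDOMAIN-answered domains per source as a DGA signal.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Stand-in for a public-suffix list; real deployments need the full PSL (assumption).
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}


def split_fqdn(fqdn):
    """Split an FQDN into (hostname, registered domain, TLD/public suffix).
    'hostname' is every label left of the registered domain, '' if none."""
    labels = fqdn.rstrip(".").lower().split(".")
    for n in (2, 1):  # multi-label suffixes such as co.uk take precedence
        if len(labels) > n and ".".join(labels[-n:]) in PUBLIC_SUFFIXES:
            return (".".join(labels[:-n - 1]),
                    ".".join(labels[-n - 1:]),
                    ".".join(labels[-n:]))
    return ("", ".".join(labels), labels[-1])  # unknown suffix: whole name is the domain


def shannon_entropy(s):
    """Bits per character; hex/base32 payload labels score well above ordinary hostnames."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def _hexlabel(i):
    # Deterministic high-entropy label standing in for encoded tunnel data (constructed).
    return hashlib.sha256(str(i).encode()).hexdigest()[:48]


# Constructed sample events in CIM Network Resolution style; not real traffic.
EVENTS = [
    {"src": "10.0.0.5", "query": "www.example.com", "record_type": "A", "reply_code": "NoError"},
    {"src": "10.0.0.5", "query": "mail.example.com", "record_type": "MX", "reply_code": "NoError"},
    {"src": "10.0.0.5", "query": "news.bbc.co.uk", "record_type": "A", "reply_code": "NoError"},
] + [
    # 10.0.0.9: twenty unique, long, high-entropy TXT lookups under one registered domain
    {"src": "10.0.0.9", "query": f"{_hexlabel(i)}.t.example.net",
     "record_type": "TXT", "reply_code": "NoError"}
    for i in range(20)
] + [
    # 10.0.0.7: a burst of NXDOMAIN answers for unrelated random-looking domains
    {"src": "10.0.0.7", "query": q, "record_type": "A", "reply_code": "NXDOMAIN"}
    for q in ("xkqwpzjtrvmb.com", "qhvmznlpwtsy.net", "zrtkplqvmxwn.org",
              "wpmqzlkvtrxj.com", "vtxqzlmkwprn.net", "lmzkqvtxwprj.com")
]


def detect(events, min_subdomains=10, min_entropy=3.3, min_len=30, min_nx_domains=5):
    """Two volumetric checks over a batch of DNS events:
    - dns_tunnel: many distinct, long, high-entropy leftmost labels under one domain
    - dga:        many distinct registered domains answered NXDOMAIN from one source
    Thresholds are illustrative assumptions, not tuned production values."""
    subdomains = defaultdict(set)  # (src, registered domain) -> distinct hostnames
    nx_domains = defaultdict(set)  # src -> distinct registered domains answered NXDOMAIN
    for ev in events:
        host, domain, _tld = split_fqdn(ev["query"])
        if host:
            subdomains[(ev["src"], domain)].add(host)
        if ev.get("reply_code") == "NXDOMAIN":
            nx_domains[ev["src"]].add(domain)

    alerts = []
    for (src, domain), hosts in subdomains.items():
        leftmost = [h.split(".")[0] for h in hosts]  # the label most likely to carry payload
        avg_len = sum(map(len, leftmost)) / len(leftmost)
        avg_ent = sum(map(shannon_entropy, leftmost)) / len(leftmost)
        if len(hosts) >= min_subdomains and avg_len >= min_len and avg_ent >= min_entropy:
            alerts.append({"type": "dns_tunnel", "src": src, "domain": domain,
                           "unique_subdomains": len(hosts), "avg_entropy": round(avg_ent, 2)})
    for src, domains in nx_domains.items():
        if len(domains) >= min_nx_domains:
            alerts.append({"type": "dga", "src": src, "nxdomain_count": len(domains)})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Two caveats a practitioner would add before using anything like this in production: the public-suffix handling must come from the full PSL or registered-domain grouping will be wrong for many TLDs, and the thresholds have to be tuned per environment, since CDNs, anti-virus lookups, and some telemetry agents legitimately produce many unique high-entropy subdomains under one domain.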