Release Notes

Open Raven Platform Release: Dashboards and Search with Integrated Splunk

Bele
Chief Corvus Officer
August 26, 2021

Splunk is one of the world's leading SIEMs, and for good reason. It utilizes a powerful search processing language (SPL) for security teams to search, report, and analyze log events across countless services, at scale. Until today, security teams would need to go to other tools, services or even interview service owners to gather critical data context. By integrating Splunk's powerful search and analytics function directly into Open Raven's modern data security platform, security teams can now include various security controls and data types with their search, dashboards and analytics for more valuable insights and quicker prioritization.

Full asset listing, search and reports

We've repeatedly heard the need to fully understand which data exists and where it is located. Why? Well, there’s no reason to keep data that no one’s using — an easy path to risk reduction. For data that is being used, how is it protected? If there is unusual behavior, is it with a system that has access to sensitive data? Such answers are important to properly assess and prioritize attention.

Asset listing in Splunk allows you to analyze the AWS asset discoveries made by Open Raven. Easily apply free-form searches to investigate assets using SPL and eventually convert the results into charts. 

In addition to this, you can leverage the standard Splunk export, generating CSV, JSON, and XML files containing asset configuration details, data classification findings, and more. Plug this export into your own workflow, or use Splunk directly within Open Raven for flexible analytics.

Dashboards

Built-in Splunk dashboard showing Policy Violation Metrics, with an overview of assets and accounts in violation and the number per severity.
Built-in dashboards summarize various discoveries like policy violations.

Open Raven provides default dashboards to describe security misconfigurations, summarize policy violations, or highlight sensitive data in your environment. Our team is also happy to work with you to provide custom dashboards based on your data security initiatives.

You can now access Splunk search and dashboard capabilities by navigating to “Analytics” in the main menu.

Splunk search screen where a user can enter a query and see different events.
Splunk, as well as sample SPL queries, can be accessed in one click.


Interested in fitting this new data into your existing workflows? No problem. Open Raven provides a number of easy-to-use integrations like AWS EventBridge that integrate directly into your SIEM or custom workflow.
