Splunk is one of the world's leading SIEMs, and for good reason. Its powerful Search Processing Language (SPL) lets security teams search, report on, and analyze log events across countless services, at scale. Until today, security teams had to turn to other tools and services, or even interview service owners, to gather critical data context. By integrating Splunk's powerful search and analytics functions directly into Open Raven's modern data security platform, security teams can now include various security controls and data types in their searches, dashboards and analytics for more valuable insights and quicker prioritization.
We've repeatedly heard that teams need to fully understand which data exists and where it is located. Why? Well, there’s no reason to keep data that no one’s using — an easy path to risk reduction. For data that is being used, how is it protected? If there is unusual behavior, does it involve a system that has access to sensitive data? These answers are important for properly assessing and prioritizing attention.
Asset listing in Splunk allows you to analyze the AWS asset discoveries made by Open Raven. Apply free-form SPL searches to investigate assets, then convert the results into charts.
In addition, you can use the standard Splunk export to generate CSV, JSON, and XML files containing asset configuration details, data classification findings, and more. Plug this export into your own workflow, or use Splunk directly within Open Raven for flexible analytics.
Open Raven provides default dashboards to describe security misconfigurations, summarize policy violations, or highlight sensitive data in your environment. Our team is also happy to work with you to provide custom dashboards based on your data security initiatives.
You can now access Splunk search and dashboard capabilities by navigating to “Analytics” in the main menu.
Interested in fitting this new data into your existing workflows? No problem. Open Raven provides a number of easy-to-use integrations, such as AWS EventBridge, that connect directly to your SIEM or custom workflow.