Security Experts:

Splunk for FireEye Correlates Analytics on Cyber Attacks

Threat prevention provider FireEye, and Splunk, the recently gone public provider of software that helps organizations gather and make use of machine data from multiple sources, today announced the availability of Splunk for FireEye, an application that makes information on inbound and outbound events from FireEye appliances available within the Splunk console.

FireEye for SplunkUsing the new application, Splunk Enterprise is able to provide real-time continuous monitoring and trending of data being generated by FireEye’s appliances.

Splunk Logo

With the ability to generate real-time alerts, customers can visualize long-term trends that could help with the prioritization of incident response activities, as well as set and monitor key performance metrics, the company said.

"There is an incredible amount of security data generated by FireEye's products that companies can use to improve their security posture,” said Bill Gaylord, senior vice president of business development at Splunk.

Splunk for FireEye provides reports for monitoring malware distribution and callbacks, infection types over time, and the number of infected systems. Included in the reports are dashboards that show the number of inbound infections by host IP over time and the number of callbacks over time by malware name.

Customers are able to look at a discovered piece of malware in a number of ways, including:

• Type of Malware: provides an overview of a specific piece of malware including its name, number of callbacks, source and destination, and port and protocol used.

• Transactions: provides a view of each of the callbacks as a transaction, identifying the source and destination, the severity, and the infection source port.

• C2 (callback information): includes HTTP (layer-7) information along with the URI, HTTP version, user agent (browser version), and the action (GET or POST).

• Trends: provides an "over-time" graphical view of communication (ports and IPs) between the malware and its C2 destination.

• Correlation: passes the time of a particular malware activity to Splunk, which launches a search for other activities happening at that same time.

"With our next-generation threat protection, critical information gleaned from our appliance is crucial for security professionals to make informed decisions," said Ashar Aziz, FireEye founder and CEO. "This application is a win for our joint customers by saving them time and increasing their visibility into their security operations."

In related news, earlier this week Splunk announced a new reporting module for PCI compliance requirements to its real-time big data analysis tool. The Splunk App for PCI Compliance 2.0 provides basic reporting and data analysis capabilities that is sufficient to meet Payment Card Industry Data Security Standard (PCI DSS) requirements. In late August Splunk launched Splunk Storm, a cloud service based on its flagship Splunk software.