Find, Fix, and Verify your Splunk Logging
The Splunk Logging Problem
- How do you know you’re logging the right data?
- Why wait for a breach to find out you’re missing logs or that your alerts weren’t configured correctly?
- How do you test your configurations once a change has been made?
That’s where NodeZero comes in.
With Horizon3’s autonomous pentesting platform, you’re able to look at your enterprise through the eyes of an attacker…
Identify Blind Spots
Quickly identify your missing logs, work to ingest them, and then rerun the pentest to verify the logs are being ingested properly into Splunk.
Prioritize Logging
Use our pentesting results to prioritize which hosts to increase logging for, and identify hosts where you can reduce your logging to efficiently use your Splunk license.
How does NodeZero Help?
Fixing your logging blind spots
NodeZero lets you see whether the attack sequence was captured in Splunk via raw logs or alerts, remediate the logging blind spots and tune searches, and then rerun the pentest or attack command to verify that your logging and searches are now configured to properly detect further attacks of that nature.
Prioritizing what NOT to log
NodeZero assigns a “Critical Impact” score to each host used to execute an attack. These criticality scores enable you to accurately determine where to increase and where to decrease host-based logging.
Fixing what’s broken
Upon identifying weaknesses in the environment, NodeZero auto-generates a “Fix Action” report that can be used to produce a succinct to-do list.
For Splunk Professional Services Partners
Consulting+ Licensing Model
With Horizon3’s Consulting+ licensing model, professional services companies can execute any number of pentests at a fixed cost, enabling them to improve the quality of their Splunk deployments and to provide proof to their customers that their SIEM is ready to defend against attacks.
- Running 1 pentest at a time across an entire enterprise requires only 1 license.
- Buy as many licenses as you wish to run multiple concurrent pentests.
- Each pentest can cover an unlimited number of IPs, which means there’s no limit to how big or small the customer environment is.
- Use the “Fix Action” report to generate a follow-on Statement of Work (SOW) and generate more IT services revenue.
NodeZero is your ticket to proving how awesome your Splunk services team is, so why not let your results do the talking and generate more value for the customer and more revenue for yourself?
Want to learn more about Horizon3.ai for Splunk?
Horizon3.ai’s mission is to help you find and fix attack vectors before attackers can exploit them. Contact us now for a quote or if you have any questions.