Splunk

What is App for Splunk for Financial Institutions?

It is a free template for financial institutions for Splunk developed by our partner Global Security Expert (http://www.gsx.co.jp, hereinafter GSX).

"App for Splunk for Financial Institutions" provides sample security reports and dashboards that can be deployed in Splunk as an App*. It is intended for companies that adopt Splunk for security log analysis.

* App: A publicly available template for various applications and devices, provided by Splunk and the user community. Using an App lets you perform log analysis, dashboard creation, report creation, and similar tasks in Splunk more efficiently.

Main implementation contents

In the App for Splunk for Financial Institutions, GSX has customized the contents based on the following guidelines:

  • IPA "System Design Guide for Advanced Targeted Attacks"
  • JPCERT/CC "Detection and Countermeasures against Attacks on Active Directory Using Logs" and "Utilization and Analysis of Logs in Dealing with Advanced Cyber-Attacks"

Dashboards included:

  • Current status dashboard: displays attack detection status, event overview, fraud detection status, externally provided information (Financial ISAC, JPCERT/CC), and IPA important security information
  • Access management dashboard: displays the status of remote desktop connections to servers, etc.
  • Asset management dashboard: displays a list of accounts registered in AD
  • Attack analytics dashboard: based on the analysis logic in "Detection and Countermeasures against Attacks on Active Directory Using Logs" published by JPCERT/CC
  • Change management dashboard: displays account changes, etc.
  • Threat intelligence analysis dashboard: analyzes unauthorized communications that match Financial ISAC threat information and open threat information (OSINT)
  • Relevance analysis dashboard: helps investigate suspicious events

Threat information sources:

  • Premium Threat Information (Financial ISAC, JPCERT/CC): you can register threat information provided by Financial ISAC and JPCERT/CC.
  • Open Threat Information (OSINT): "Macnica CSIRT App Basic" is used to obtain OSINT information automatically.

Current status dashboard screen

Change management dashboard screen

Threat intelligence analysis dashboard screen

Precautions when using the App

  • This App is provided as a sample to customers who have purchased or are considering purchasing a Splunk license through Macnica.
  • Customers shall use this App at their own discretion and responsibility, and agree that any resulting damages, such as loss of data or damage to computer systems, are their own responsibility.
  • Our Splunk maintenance desk does not accept inquiries about the specifications of this App or support requests regarding malfunctions. For technical inquiries, please contact our sales representative about paid technical services.
  • It is assumed that users of this App have experience building a Splunk environment.
    • You must have one of the following qualifications to build this App.
      ・Splunk Power User
      ・SE1
      ・Admins
      ・Architect
  • It is assumed that you will not customize this App.
    • If you want to customize it, please create a new App, using this App as a reference.
    • Support for a PoC or deployment using this App is a paid service.
  • Before applying this App to a production environment, verify it sufficiently in a test environment and determine whether it will affect your environment.

Inquiry/Document request

Macnica Co., Ltd., Splunk contact

Mon-Fri 8:45-17:30