RAP Use Case Details

A little more detail around the RAP Use Case scenarios

ITOPS Use Cases

Storage Management Package

The Splunk Storage Management Package addresses key issues with data storage in IT Operations environments. This module provides useful monitoring of tiered storage across different vendors where native tools fail to provide sufficient information to storage administrators. This package helps storage administrators with troubleshooting, performance management and capacity planning regardless of storage vendor or type.

The Use Cases supported in the Splunk Storage Management Package include:

  • Log Volume Trending
  • Storage I/O Latency
  • Disk Utilization
  • Storage Speed I/O Utilization by Host

Network Management Package

The Splunk Network Management Package addresses key issues with data networks in IT Operations environments. This module provides useful monitoring of network infrastructure across different vendors, where native tools fail to provide sufficient information to network administrators. This package helps network administrators with troubleshooting, performance management and capacity planning.

The Use Cases supported in the Splunk Network Management Package include:

  • Wire Data for Application Management
  • Log Volume Trending
  • Network Utilization
  • TOR Traffic

Server Management Package

The Splunk Server Management Package monitors performance characteristics of servers, applications and IT infrastructure. This module provides a comprehensive set of monitoring tools for a variety of IT vendors and platforms, providing proactive alerting and real-time visualizations.

The Use Cases supported in the Splunk Server Management Package include:

  • Memory Measurement by Host
  • Log Volume Trending
  • Processor Level CPU Utilization
  • Server Error Identification
  • New Local Administrator Account Identification
  • Multiple Host Infection
  • New Administrator Accounts
  • Domain Controller Authentication
  • New Services Account
  • Recurring Host Infection
  • Local User Credentials

Application Management Package

The Splunk Application Management Package monitors performance characteristics of enterprise applications, purpose-built code-streams, and IT infrastructure support. This module provides a comprehensive set of monitoring tools for a variety of IT applications and platforms, providing proactive alerting and real-time visualizations.

The Use Cases supported in the Splunk Application Management Package include:

  • Wire Data for Application Management
  • Memory Measurement by Host
  • Log Volume Trending
  • Storage I/O Latency
  • Processor Level CPU Utilization
  • Storage Speed I/O Utilization by Host

Web Management Package

The Splunk Web Management Package monitors performance characteristics of webservers, internet applications and network infrastructure supporting internal and external web platforms. This module provides a comprehensive set of monitoring tools for a variety of IT vendors and platforms, providing proactive alerting and real-time visualizations.

The Use Cases supported in the Splunk Web Management Package include:

  • Slow Web Page Identification
  • Web Page Users by Country Identification
  • Large Web Uploads
  • New Administrator Accounts
  • Increased Host Logins
  • New Services Account

Security Use Cases

Basic Security Monitoring Package

The Splunk Basic Security Monitoring Package monitors security events of internal IT infrastructure. This module provides a comprehensive set of security monitoring tools supporting a variety of IT vendors and platforms, and providing proactive security alerting and real-time visualizations.

The Use Cases supported in the Splunk Basic Security Monitoring Package include:

  • Basic Brute Force Detection
  • Basic Malware Outbreak
  • Basic Scanning
  • Endpoint Uncleaned Malware Detection
  • Multiple Infections on Host
  • Recurring Infections on Host
  • User Login with Local Credentials

Compliance Package

The Splunk Compliance Package comprehensively monitors events in internal IT infrastructure to support compliance. This module provides a set of security and compliance monitoring tools supporting a variety of IT vendors and platforms. The module also provides compliance reporting and can be configured for specialized compliance alerts.

The Use Cases supported in the Splunk Compliance Package include:

  • Access to In-scope Resources
  • Access to In-scope Resources Unencrypted
  • Endpoint Uncleaned Malware Detection
  • New Local Administrator Account

Insider Threat Package

The Splunk Insider Threat Package monitors potential insider threat security events in IT infrastructures. This module provides a comprehensive set of security monitoring tools supporting a variety of IT vendors and platforms. It also provides proactive security alerting for potential insider threats.

The Use Cases supported in the Splunk Insider Threat Package include:

  • Flight Risk Web Browsing
  • Large Web Uploads
  • Source-based High Volume of DNS Traffic
  • User Login with Local Credentials
  • Local User Credentials

Advanced Threat Detection Package

The Splunk Advanced Threat Detection Package monitors potential threats in a variety of IT contexts. This module provides an advanced set of security monitoring tools supporting a variety of IT vendors and platforms. It also provides proactive security alerting for advanced threats.

The Use Cases supported in the Splunk Advanced Threat Detection Package include:

  • New Domain Controller Authentication
  • Basic TOR Traffic Detection
  • Increased Number of Host Logins
  • New Interactive Login from a Service Account
  • New Local Administrator Account Identification
  • Windows Event Log Clearing

License Limitation:
  • Maximum Daily Index Volume permitted: 25GB (regardless of number of use cases)
  • Deployment type: Limited to a single instance deployment
  • Not stackable with other Splunk licenses
