The Challenge
As an IT manager you need information about ALL user activity and ALL associated machine data, including ANY security threat to your IT infrastructure. And yes, the amount of data is growing rapidly. A common base from which to search for relevant information becomes indispensable. A lot of valuable information remains hidden from the IT Ops and security teams. Even worse, each silo in the organization looks only at its own part of the IT infrastructure and monitors according to its own tasks.
NetDescribe is going to break down these boundaries – extremely efficiently.
Splunk – the Solution from NetDescribe
Splunk Enterprise puts you in the driver's seat to manage this distributed data. Monitor, analyse and correlate machine data, and make it visible to a wide audience within the organization. The technical departments are provided with details from the log files. Management receives dashboards that speak for themselves. This allows decisions to be made that provide the best possible service for the organization, and that is what IT is all about – right?! Compliance and GDPR made easy for your daily operation with Splunk.
As a Splunk Elite Partner, we at NetDescribe have the expertise and the know-how to provide the individual performance solution for your organization.
Overview
The central platform for security and observability
Source: www.splunk.com
Splunk Enterprise shows the availability of your IT services from a real user perspective: it surfaces problems of any kind as they occur and quickly identifies their root causes.
Splunk Enterprise grows with your requirements and is infinitely scalable. You can solve individual problems as well as holistic, strategic monitoring scenarios, for example for application delivery, IT operations, security compliance & fraud, business analytics, IoT & industrial data.
How you benefit:
- Platform-independent data integration (structured + unstructured data)
- Real-time insights for IT, DevOps, SecOps
- Strong visualization, automation and machine learning
- Broad integration options with third-party providers and APIs
Read more: Top 5 Challenges in Data and What You Need to Do About Them
Collection and indexing of machine data
Real-time event collection, universal indexing, adapter removal, use of metrics data, timestamps for events
Search and verification
Real-time search, transaction search, interactive results
Correlation and analysis
Machine learning-based AI, correlation of complex events, event annotations, pattern recognition
Visualization and reporting
Dashboard creation, automation of reports
Monitoring and alerting
Monitoring of events and KPIs, proactive notifications
Security and administration
Encrypted access to data streams, secure user access
Machine Learning
AI tools and customizable solutions are built into the entire Splunk portfolio, so you can make smarter, more robust decisions faster.
Source: www.splunk.com
Search and visualization
You can search your data regardless of where it is stored. You share the results as customized visualizations depending on the target group, whether for superiors or technical experts.
Collaboration and orchestration
No matter where you are – you always have access to your Splunk data, collaborate with your team and can take action like never before.
Source: www.splunk.com
Splunk Enterprise
Splunk Enterprise is a powerful central platform for collecting, indexing, monitoring, analysing and visualizing machine-generated data in real time.
Function:
- Collects, indexes and analyzes large volumes of machine data (e.g. log files, events, metrics)
- Application areas: IT monitoring, troubleshooting, security analysis (SIEM), compliance and business analytics
- Real-time analysis: Data can be searched and visualized in real time
- Scalability: Supports large volumes of data in distributed environments
- Integration: Compatible with many data sources, systems and cloud services
Benefits:
- Faster fault diagnosis
- Improved system transparency
- Support for security and compliance requirements
- Available on-premise or in the cloud
- Ideal for log management, search, reporting and dashboards
Splunk Enterprise Product Brief
Splunk Cloud Platform
Splunk Cloud is the cloud-based version of Splunk Enterprise, offered as Software-as-a-Service (SaaS). It offers many of the same core features as Splunk Enterprise, but with additional benefits in terms of operation, scalability and maintenance.
Further advantages:
- Lower operating costs by reducing infrastructure and personnel
- Compliance and security independent of the individual user (integrated security standards and certifications such as ISO 27001, SOC 2, FedRAMP)
- Automatic scaling: no manual hardware planning required
- Faster time-to-value: data analysis possible immediately after commissioning
- Managed services: Operation, patching and high availability are handled by Splunk and NetDescribe
- Flexible licensing: Consumption-based or volume licensing
Splunk Observability Cloud (IT- and Application-Monitoring)
Comprehensive suite for real-time monitoring and troubleshooting in complex, cloud-native environments:
- Splunk Infrastructure Monitoring: Powerful monitoring for servers, containers, Kubernetes.
- Splunk APM (Application Performance Monitoring): Tracing and performance analysis for distributed applications.
- Splunk RUM (Real User Monitoring): Analysis of user behavior and front-end performance.
- Splunk Synthetic Monitoring: Simulated user interactions for availability checks.
- Splunk Log Observer: Fast log analysis for DevOps/SRE.
Splunk IT Service Intelligence (ITSI)
Splunk ITSI is a Splunk-based monitoring and analysis tool developed specifically for IT service management. It enables companies to monitor the status and performance of their IT services in real time.
Core functions:
- Service monitoring: Monitors business-critical IT services based on KPIs and metrics.
- Glass Tables: Visualization of complex IT environments and dependencies in interactive dashboards.
- Correlation of events: Recognizes patterns in large amounts of data and proactively identifies potential problems.
- Episode Review: Groups related alerts into so-called episodes to reduce alert flooding.
- Machine Learning: Uses ML to detect anomalies and predict failures.
Advantages:
- Faster incident management through better transparency
- Early detection of problems
- Support for DevOps and SRE through data-driven decisions
Splunk ITSI is particularly suitable for large, complex IT landscapes where reliable, centralized monitoring is essential.
Splunk Enterprise Security (ES)
- The market-leading SIEM for comprehensive transparency, high-precision detection with context and maximum operational efficiency. The SIEM solution for threat detection, investigation, incident response and compliance.
- Correlated security events, emergency dashboards, risk-based alerting.
- Comprehensive transparency: Unique, comprehensive transparency through the seamless ingestion, normalization and analysis of data from any source and at any scale. This is made possible by Splunk’s data-driven platform with AI-assisted capabilities.
- Accurate detection with context: Leverage Risk-Based Alerting (RBA), Splunk Enterprise Security’s industry-first feature, to significantly reduce alert volume by up to 90%, ensuring your focus is always on the most pressing threats. Increase productivity and ensure that the threats detected are real.
- Improve operational efficiency: Native integration with Splunk SOAR automation playbooks and Splunk Enterprise Security and Mission Control case management and investigation capabilities creates a single, unified workspace. Optimize MTTD (Mean Time to Detect) and MTTR (Mean Time to Respond) for incidents.
Splunk Enterprise Security Product Brief
Splunk Mission Control
Splunk Mission Control is a pre-installed app on Splunk Enterprise Security (Cloud) version 6.6 and higher that provides a unified view of incident response activities. It consolidates the information into a single dashboard for the incident commander, enabling timely incident response and management. The dashboard includes customizable tabs for response, events, search, automation and intelligence, providing access to incident review, investigation and threat intelligence capabilities. It streamlines incident management tasks and facilitates effective incident handling.
- Centralized platform to bring together SIEM, SOAR and threat intelligence
- Unified user interface for security teams
Our UseCases are only available in German. If you are interested in further information, we are happy to assist you personally. Please do not hesitate to contact us directly.
From Logging to a Managed Security Operations Center
A financial services provider transforms its IT security: Starting with simple log management with Splunk, the company worked with NetDescribe to develop a comprehensive security strategy with Splunk Enterprise Security and Cribl as a data hub. The introduction of a managed SOC with 24/7 monitoring not only met regulatory requirements, but also significantly improved the ability to proactively detect and respond to cyber threats. Read more in our UseCase From Logging to a Managed Security Operations Center
Cyber Security | KRITIS Requirements Trading Company
Our client is subject to the KRITIS regulation in the food sector and must ensure that the required level of cyber security and IT security is implemented for its KRITIS facilities. What is often lacking are data-driven insights for comprehensive visibility and rapid detection of attacks and other threats in the IT landscape. Perimeter firewall monitoring was identified as one of the most important action points. The Element Manager system used to manage the firewalls did not retain log events long enough to store and analyze them. Read more in our UseCase Cyber Security | KRITIS Requirements Handelsunternehmen.
SIEM | Entertainment and e-commerce with Splunk Enterprise Security
Our customer from the media industry is one of the leading entertainment and e-commerce providers in German-speaking countries. It had reached the limits of its existing SIEM (Security Information and Event Management) platform, LogRhythm. The long-term security goals could no longer be achieved. Although the volume of machine data keeps increasing, there was no standardized data base for analysis and evaluation. The aim is to centralize, correlate and analyze data across the entire IT network in order to identify security problems and respond in real time. Read more in our UseCase SIEM | Entertainment und E-Commerce mit Splunk Enterprise Security.
Log Analysis | Monitoring of text and output management system
Our client has been providing IT operations for 17,000 users at health insurance companies in Saxony, Thuringia and Bavaria since 2008. Its core task is to drive the transformation of the health insurance companies forward with full commitment. The range of services extends from innovation and consulting, through the organization and implementation of tailor-made solutions and the complete operation of technical systems, to support that helps health insurance companies achieve their goals. The company's goal was to clearly track its documents, analyze turnaround and dwell times, and install a system to monitor and diagnose its industry-specific IT solution. Read more in our UseCase Log-Analyse | Überwachung Text- und Output-Management-System
Root Cause Analysis as a Splunk Managed Service
Our customer, a company from Germany, manufactures innovative technologies based on polyurethane. Sporadic network performance problems leave employees dissatisfied. There is no proper error description, and all investigations come to nothing or conclude that it "should actually work". Each system viewed on its own (servers, routers, laptops, wireless components, applications and database) looks great – "Everything is green!" And yet users still call and report errors, long response times and downtimes. How can targeted troubleshooting identify the sources of errors and improve the user experience? Read more in our UseCase Rootcause Analysis als Splunk Managed Service
Analysis of time-critical machine data as a Splunk Managed Service
Our customer, an international airline alliance, approached us with the requirement to evaluate and visualize the logs of its various customer service systems and applications. Specifically, this involved analyzing and evaluating all machine data from a wide variety of systems that are relevant to a passenger and their well-being during the course of a journey – e.g. check-in or baggage delivery, whether the passenger had special requests or was a frequent flyer. With the Splunk Cloud Platform, the central monitoring and evaluation of this data was optimized. Read more in our UseCase Analyse zeitkritischer Maschinendaten als Splunk Managed Service
Cloud Migration | From On-Prem to SaaS Platform
Secure the future, reduce complexity: Splunk Cloud for modern data analysis
A leading German automotive manufacturer was faced with the challenge of migrating its complex, high-maintenance on-premise Splunk infrastructure to a flexible, cloud-based solution. With the support of NetDescribe and the Splunk Assigned Expert Service, the migration to Splunk Cloud was successfully realized – for more scalability, simplified administration and maximum value from the data. Find out how the transformation in line with the cloud-first strategy is setting new standards in security, efficiency and analysis capability. Read more in our UseCase Cloud Migration | Von On-Prem zur SaaS-Plattform
NetDescribe is a Splunk ELITE Partner
Splunk .conf
Book your personal appointment right now
Put your IT performance to the test. Which requirement have you always been looking for a solution to? NetDescribe will get you there – with independent advice, reliable support and proven use cases.