Combining Titania’s accurate reporting capability with Splunk’s powerful technology stack allows large networks to accurately audit and analyse their devices across the whole enterprise.
Nipper reports are now available in JSON format, making it easier for large networks to inject their findings into Splunk via the directory audit or HTTP APIs.
Once the Nipper audit data has been ingested into Splunk, a number of Splunk’s standard visualizations help you reach conclusions that would be difficult to reach by analyzing individual device reports. The aggregated analysis gives you valuable insight, revealing ‘problem areas’ and ‘hot spots’, such as those analyzed in this ‘Technology Spotlight’:
• Which device manufacturers have the most issues?
• Which vulnerabilities are most prevalent in my network?
• What proportion of my STIG errors are CAT1?
• Which operating systems have the most CAT1 vulnerabilities?
• What is the vulnerability text associated with a particular vulnerability?
Of course, the power of Splunk lies not just in being able to see the overall picture, but in being able to explore and interrogate the data by pivoting the displays. This allows analysts to explore a single device, a single vulnerability, a single configuration error, or a category of configuration errors and see how they appear.
The Titania data is accurate and deterministic, ensuring the reports give your internal auditors and IA professionals the data they need to keep your network safe. Visualizing or aggregating the data according to Risk Management Frameworks, such as PCI, CMMC, NIST 800-53, or DISA RMF is a common use case.
Together, the Titania sensors and audit data, coupled with the power of the Splunk aggregation, analysis and visualization stack, help to keep networks safer and ensure activities like threat-hunting are more efficient and effective.
Download our CTO’s ‘Technical Spotlight on Splunk and Nipper’ below for more on how to automate core network auditing, analysis and remediation.