The ARIA SDS Packet Intelligence Integration with Splunk Enterprise Security

A better way to detect, verify, and contain threats—before they can do harm

ARIA SDS Packet Intelligence (PI) offers out-of-the-box integration with Splunk’s Enterprise Security (ES) solution.

Now, security teams can intelligently monitor all network traffic and feed flow metadata to Splunk ES to give it the visibility it needs to detect network-borne threats. ARIA SDS PI also classifies all traffic conversations so you can verify, and then stop, potential attacks at the conversation level.

Since flow metadata is generated for every packet, the Splunk solution can better detect attacks much earlier in the kill chain, minimizing the risk of harm to your organization. This allows security resources to find malware, ransomware, advanced persistent threats, and other incidents as they become active, and not after the fact as detected by log sources—if at all.

Key Benefits:

  • Reduce Costs: Generates unsampled NetFlow data (not full packets) to dramatically reduce data-ingesting costs.

  • Better threat detection: Sends only select data conversations (as requested) to find specific threats.

  • Increase visibility: Provides the visibility needed to isolate hard-to-detect east-west network-borne threats immediately.

Interested in learning more about the ARIA SDS PI-Splunk ES integration?

Download Tech Brief