Find, Fix, and Verify your Splunk Logging

The Splunk Logging Problem.

  • How do you know you’re logging the right data?
  • Why wait for a breach to find out you’re missing logs or that your alerts weren’t configured correctly?
  • How do you test your configurations once a change has been made?

That’s where NodeZero comes in.

With Horizon3’s autonomous pentesting platform, you’re able to look at your enterprise through the eyes of an attacker…

Identify Blind Spots

Quickly identify your missing logs, work to ingest them, and then rerun the pentest to verify the logs are being ingested properly into Splunk.

Prioritize Logging

Use our pentesting results to prioritize which hosts to increase logging for, and identify hosts where you can reduce your logging to efficiently use your Splunk license.

How does NodeZero Help?

Fixing your logging blind spots

NodeZero lets you see whether the attack sequence was captured in Splunk via raw logs or alerts, remediate the logging blind spots and tune searches, and then rerun the pentest or attack command to verify that your logging and searches are now configured to properly detect further attacks of that nature.

Prioritizing what NOT to log

NodeZero assigns a “Critical Impact” score to each host used to execute an attack. These criticality scores enable you to accurately determine where to increase and where to decrease host-based logging.

Fixing what’s broken

Upon identifying weaknesses in the environment, NodeZero auto-generates a “Fix Action” report that can be used to produce a succinct to-do list.

For Splunk Professional Services Partners

Consulting+ Licensing Model

With Horizon3’s Consulting+ licensing model, professional services companies can execute any number of pentests at a fixed cost, enabling them to improve the quality of their Splunk deployments, and providing proof to their customers that their SIEM is ready to defend against attacks.

  • Running 1 pentest at a time across an entire enterprise requires only 1 license.
  • Buy as many licenses as you wish to run multiple concurrent pentests.
  • Each pentest can cover an unlimited number of IPs, which means there’s no limit to how big or small the customer environment is.
  • Use the “Fix Action” report to generate a follow-on Statement of Work (SOW) and generate more IT services revenue.

NodeZero is your ticket to proving how awesome your Splunk services team is, so why not let your results do the talking and generate more value for the customer and more revenue for yourself?

Want to learn more about Horizon3.ai for Splunk?

Horizon3.ai’s mission is to help you find and fix attack vectors before attackers can exploit them. Contact us now for a quote or if you have any questions.