In the past we have discussed the benefits of using a security information and event management (SIEM) solution, not only as a compliance tool, but also for protecting against potential threats in real time.
We are excited to announce our official technology alliance with Splunk to release Secret Server for Splunk Enterprise, giving administrators deep insight into the use of privileged accounts, providing better visibility for compliance standards and detection of internal network threats.
Getting the app is simple. While logged into the Splunk interface, navigate to “apps” and search for Secret Server. Once installed, you can use the app to automatically start pulling information from the Secret Server sysLog. Make sure you have Secret Server installed and running before using the app.
Using Secret Server with a SIEM tool such as Splunk allows administrators to gain a clear picture of what is going on throughout their network. The app can be used to filter out key events from the Secret Server sysLog using the Event Search feature. This allows easy retrieval of information from real time events, such as when users are launching sessions, accessing reports, checking out Secrets, or when Unlimited Administrator mode is turned on.
In addition, the app allows you to access and create robust reports directly in the Splunk interface.
Want to learn more? Download Secret Server for Splunk Enterprise today!