The Analysis Engine feature of Data Protection Advisor can generate cyber threat alerts using an analysis policy and the rules configured in that policy. All alerts can be viewed within the Data Protection Advisor web console and in the Windows event log, emailed, or sent to an external operations system. Continuing these enhancements, Data Protection Advisor supports integration with Splunk, so that users can query the index for events forwarded from Data Protection Advisor and monitor anomalies or issues in the production environment in real time. Splunk queries also provide consolidated event reporting.

Splunk is a security information and event management (SIEM) solution that collects and analyzes data from multiple systems, mitigating potential damage with advanced threat detection, investigation, and response capabilities, as well as built-in security analytics. Integration with Splunk helps to quickly detect threats and reduce business risk.
Splunk uses the Windows event logs (application logs) of the Data Protection Advisor application server as the data source for index search and reporting. The Splunk universal forwarder is installed on the Data Protection Advisor application server running on Windows. The forwarder monitors the Windows event logs for cyber threat events and streams event data from the Data Protection Advisor server to the Splunk receiver, as shown in Figure 44.
Note: In this white paper, Data Protection Advisor integration with Splunk is configured on a Data Protection Advisor instance running on the Windows operating system (OS).
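The forwarding path described above, written as universal forwarder configuration. This is an added example, not configuration from the white paper or from the product documentation; the index name, output group name, receiver address, and certificate path are assumed placeholders.

```ini
# inputs.conf on the Data Protection Advisor application server
# (Splunk universal forwarder, Windows).
# Monitor the Windows Application event log, the data source named above.
[WinEventLog://Application]
disabled = 0
# Placeholder index name (assumption). The index must already exist on the
# Splunk receiver, otherwise the forwarded events are not searchable there.
index = dpa_events
# The Application log is shared by every program on the server, so this stanza
# forwards all of it. Narrowing it to Data Protection Advisor events needs the
# event source name, which is not stated here, so no filter is set.

# outputs.conf on the same server.
[tcpout]
# Placeholder group name (assumption).
defaultGroup = dpa_splunk_receiver

[tcpout:dpa_splunk_receiver]
# Placeholder receiver address (assumption). The receiver must have a matching
# listening input enabled on this port.
server = splunk-receiver.example.com:9997
# Indexer acknowledgement: the forwarder resends data the receiver did not
# confirm, so alerts are not silently lost on a dropped connection.
useACK = true
# Send over TLS and verify the receiver's certificate, so alert data is not
# readable or spoofable on the network. Placeholder certificate path
# (assumption); the receiver must be configured for TLS as well.
clientCert = $SPLUNK_HOME\etc\auth\mycerts\forwarder.pem
sslVerifyServerCert = true
```

The forwarder needs a restart after these files change.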
This solution is useful for users who want a SIEM solution to monitor, visualize, and act on events detected in the production environment.
Advantages of integrating Splunk with Data Protection Advisor: