Splunk Rapid Adoption Packages - Part 2

In Part 1 of the RAP blog we gave an overview of Rapid Adoption Packages. Part 2 focuses on the specifics of each use case package and how these can help with customer goals.

With Rapid Adoption Packages, customers can select from a number of use case packages that are designed specifically to do this. There are currently 9 available use case packages:

Storage Management Package

The Splunk Storage Management Package addresses key issues with data storage in IT Operations environments. This module provides useful monitoring of tiered storage across different vendors where native tools fail to provide sufficient information to storage administrators. This package helps storage administrators with troubleshooting, performance management and capacity planning regardless of storage vendor or type.

Capabilities supported in the Splunk Storage Management Package include:

  • Log Volume Trending
  • Storage I/O Latency
  • Disk Utilization
  • Storage Speed I/O Utilization by Host

Network Management Package

The Splunk Network Management Package addresses key issues with data networks in IT Operations environments. This package helps network administrators with troubleshooting, performance management and capacity planning.

Capabilities supported in the Splunk Network Management Package include:

  • Wire Data for Application Management
  • Log Volume Trending
  • Network Utilization
  • TOR Traffic

Server Management Package

The Splunk Server Management Package monitors performance characteristics of servers, applications and IT infrastructure. This module provides a comprehensive set of monitoring tools for a variety of IT vendors and platforms, providing proactive alerting and real-time visualizations.

Capabilities supported in the Splunk Server Management Package include:

  • Memory Measurement by Host
  • Log Volume Trending
  • Processor Level CPU Utilization
  • Server Error Identification
  • New Local Administrator Account Identification
  • Multiple Host Infection
  • New Administrator Accounts
  • Domain Controller Authentication
  • New Services Account
  • Recurring Host Infection
  • Local User Credentials

Application Management Package

The Splunk Application Management Package monitors performance characteristics of enterprise applications, purpose-built code-streams, and IT infrastructure support. This module provides a comprehensive set of monitoring tools for a variety of IT applications and platforms, providing proactive alerting and real-time visualizations.

Capabilities supported in the Splunk Application Management Package include:

  • Wire Data for Application Management
  • Memory Measurement by Host
  • Log Volume Trending
  • Storage I/O Latency
  • Processor Level CPU Utilization
  • Storage Speed I/O Utilization by Host

Web Management Package

The Splunk Web Management Package monitors performance characteristics of web servers, internet applications and network infrastructure supporting internal and external web platforms. This module provides a comprehensive set of monitoring tools for a variety of IT vendors and platforms, providing proactive alerting and real-time visualizations.

Capabilities supported in the Splunk Web Management Package include:

  • Slow Web Page Identification
  • Web Page Users by Country Identification
  • Large Web Uploads
  • New Administrator Accounts
  • Increased Host Logins
  • New Services Account

Security Monitoring Package

The Splunk Basic Security Monitoring Package monitors security events of internal IT infrastructure. This module provides a comprehensive set of security monitoring tools supporting a variety of IT vendors and platforms and providing proactive security alerting and real-time visualizations.

Capabilities supported in the Splunk Basic Security Monitoring Package include:

  • Basic Brute Force Detection
  • Basic Malware Outbreak
  • Basic Scanning
  • Endpoint Uncleaned Malware Detection
  • Multiple Infections on Host
  • Recurring Infections on Host
  • User Login with Local Credentials

Compliance Package

The Splunk Compliance Package monitors comprehensive events of internal IT infrastructure to ensure compliance. This module provides a set of security and compliance monitoring tools supporting a variety of IT vendors and platforms. The module also provides compliance reporting and can be configured for specialized compliance alerts.

Capabilities supported in the Splunk Compliance Package include:

  • Memory Measurement by Host
  • Log Volume Trending
  • Processor Level CPU Utilization
  • Server Error Identification
  • New Local Administrator Account Identification
  • Multiple Host Infection
  • New Administrator Accounts
  • Domain Controller Authentication
  • New Services Account
  • Recurring Host Infection
  • Local User Credentials

Insider Threat Package

The Splunk Insider Threat Package monitors potential insider threat security events in IT infrastructures. This module provides a comprehensive set of security monitoring tools supporting a variety of IT vendors and platforms. It can also provide proactive security alerting for potential insider threats.

Capabilities supported in the Splunk Insider Threat Package include:

  • Flight Risk Web Browsing
  • Large Web Uploads
  • Source-based High Volume of DNS Traffic
  • User Login with Local Credentials
  • Local User Credentials

Advanced Threat Package

The Splunk Advanced Threat Detection Package monitors potential threats in a variety of IT contexts. This module provides an advanced set of security monitoring tools supporting a variety of IT vendors and platforms. It also provides proactive security alerting for advanced threats.

Capabilities supported in the Splunk Advanced Threat Detection Package include:

  • New Domain Controller Authentication
  • Basic TOR Traffic Detection
  • Increased Number of Host Logins
  • New Interactive Login from a Service Account
  • New Local Administrator Account Identification
  • Windows Event Log Clearing

Pricing for Rapid Adoption Packages is based on the number of use case packages. Once customers have decided on the packages they are interested in implementing, this can be discussed further with their sales rep. Rapid Adoption Packages are priced per package and are available for both Splunk Enterprise and Splunk Cloud.

Need additional information?

Reach out to your sales rep to set up a discussion or a demo to understand more about the value Rapid Adoption Packages bring.

For more details on use cases, please see the Use Case Definitions Page.

The only catch with Splunk Rapid Adoption Packages is that you will end up taking a liking to Splunk, the Data-to-Everything Platform.

Until next time, 

Arfan

Posted by Arfan Sharif

Arfan Sharif works as a Sales Engineer in the UK. He assists customers across IT Operations, Business Analytics and Security use cases to ensure they can maximise the value of Splunk. Before joining Splunk, Arfan worked as a Sales Engineer for Genesys, Quest Software and DELL.