Security and the Splunk for VMware app

There is a lot to be excited about in the GA of the Splunk for VMware app — especially for the security practitioner. The VMware app is the first Splunk app (other than the Splunk app for Enterprise Security) to offer dashboards and data for both the IT operations folks who have to manage the environment and the security folks who need to monitor threats to this key business investment. The approach provides built-in transparency for a virtualized environment. It is not easy to dive into all the data being generated by ESX / ESXi, vSphere, the guest OS and applications. This is particularly problematic for security folks with little understanding of where to begin looking in all that data for unauthorized access attempts and account changes across the VMware stack.

The Splunk App for VMware allows the security team to monitor for:

  • Administrators logging in from unknown addresses
  • System changes outside of change windows you set
  • Account changes that may grant unwarranted changes or authority to specific users
  • Actions attempted but not authorized

User account tracking

The App supports the convergence of IT operations, application management, and security use cases, leading to transparency into security incidents and a better understanding of virtualization issues.
