Ever since we announced Prevoty’s application security monitoring capability, we’ve had dozens of customers ask us about integration with various SIEMs. Our ability to provide real-time attack intelligence from inside production applications is an exciting development for application security professionals, and being able to correlate that data with other security information is extremely valuable.
Prevoty’s monitoring output can already be consumed by any SIEM, but today we announced a major advance in making the data easily consumable and actionable: the Prevoty AMP App for Splunk. The “who / what / where / when” of attacks on applications can now be delivered to a custom Splunk dashboard, making it much easier to correlate, visualize and understand active attacks and, of course, ultimately thwart hackers.
We are already seeing customers benefit from this capability by using Prevoty in monitoring mode across a broad base of their Java and .NET applications. Then, with the insights gleaned from their Splunk dashboard, they can selectively enable Prevoty’s protection capabilities to neutralize the vulnerabilities being exploited, giving breathing room for the development teams to fully remediate the applications most at risk.
There are also significant additional benefits to analysts using Splunk for forensic and root cause analysis (RCA). The attack data surfaced by Prevoty has a level of accuracy and granularity that has simply never been available before.
This app is now available on Splunk’s app store, Splunkbase. You can find it here. (Existing Prevoty customers can get the custom dashboard for free – just contact your Prevoty representative and we’ll make it happen.)
As always, we welcome your comments and questions.