Splunk Demo Battle Card 2014
- Pavan Raja
- Apr 9
Summary:
The document presents six use cases designed to demonstrate the capabilities of Logger and Express – Security Manager (ESM) by HP ArcSight compared to Splunk in terms of log management and SIEM functionalities. Specifically, Logger focuses on log management with three demos, while ESM specializes in SIEM with three more demos.
For Logger:
1. **IT Ops Use Case**: Demonstrates how Logger can manage IT operations similar to Splunk by managing a web server down event and identifying the configuration change that caused the issue.
2. **Netflow Use Case**: Shows Logger's capability to handle data pipelines and searches, showing all sources talking to Microsoft SQL Servers, mirroring Splunk's search-based approach but within Logger's platform.
3. **Raw Data Use Case**: Highlights Logger's ability to store not only structured data but also raw or unstructured data, with the capability to parse such data into a structured format for searches.
For ESM (Express – Security Manager):
1. **Privileged User Monitoring Use Case**: Features IdentityView within ESM, emphasizing its strengths in tracking user activities and addressing Splunk's weaknesses in IAM and RBAC.
2. **RepSM Use Case**: Demonstrates how DVLabs provides real-time updates on security threats such as malicious IPs, domains, reputation scores, and exploit types, outperforming Splunk's less robust handling of such information.
3. **Worm Outbreak Use Case**: Highlights ESM's ability to correlate data in real time and through historic analysis, surpassing Splunk's search capability and alerting system for deeper security insights.
These use cases aim to showcase the competitive advantages of Logger and ESM by comparing their functionalities with those of Splunk in managing log data and providing SIEM solutions.
Details:
The document outlines six use cases designed to showcase how Logger and Express – Security Manager (ESM) by HP ArcSight perform against Splunk, emphasizing their respective strengths in log management and SIEM functionalities. For Logger, which focuses on log management, there are three demos tailored for this purpose:
1. **IT Ops Use Case**: This demo highlights the ability of Logger to manage IT operations similar to how Splunk handles such scenarios by demonstrating a web server down event and the configuration change that led to the issue.
2. **Netflow Use Case**: It demonstrates how Logger can efficiently handle data pipelines and searches, showcasing its capability to show all sources talking to Microsoft SQL Servers, mimicking Splunk's search-based approach but within Logger's platform.
3. **Raw Data Use Case**: This use case showcases Logger's ability to store not only structured data but also raw or unstructured data. It shows how raw data can be parsed into a structured format upon search, contradicting Splunk's claim that Logger cannot handle such data types.
For ESM (Express – Security Manager), which is focused on SIEM functionalities, there are also three demos:
1. **Privileged User Monitoring Use Case**: This demo showcases the IdentityView feature within ESM, highlighting its ability to track user activities and exploit Splunk's weaknesses in identity and access management (IAM) and role-based access control (RBAC).
2. **RepSM Use Case**: It emphasizes the differentiators of ESM by showcasing how DVLabs provides real-time updates on malicious IPs, domains, reputation scores, and exploit types through ESM. This contrasts with Splunk's less robust handling of such security information.
3. **Worm Outbreak Use Case**: This demo demonstrates ESM’s strong correlation capabilities, both in real-time and through historic analysis, which are not fully realized by Splunk’s search capability and alerting system. It also shows the ability to correlate on pre-existing events for deeper security insights.
These use cases collectively aim to highlight Logger's and ESM's strengths in handling various log management and SIEM tasks that are central to both Splunk and their respective platforms, thereby providing a competitive edge based on functionality comparisons.