Splunk visualizes the real-time data supplied by macmon
Berlin, November 16, 2020: Splunk® Enterprise™ collects, monitors, indexes and analyzes data – including log files, configuration files, messages, notifications, scripts, metrics and clickstream data – from any app and any server, regardless of whether it was created by IT systems, IT infrastructures, sensors in manufacturing systems or security systems. Already valued by administrators for its visual representation of network events, macmon now offers even more convenience and security thanks to its integration with Splunk: macmon transmits data in real time and Splunk visualizes it in pre-configured dashboards.
Christian Bücker, Managing Director of macmon secure GmbH on the news: “Our growing number of technology partnerships with leading national and international partners offers important added value for our customers. The exchange of critical data between the systems significantly increases the level of security and makes it easier for administrators to control and manage their network.”
macmon NAC reports compliance incidents to Splunk
Compliance incidents are critical for network administrators for several reasons. If an endpoint is threatened by malware or is not on the current patch level, this is a violation of corporate policy. A product from one of macmon’s technology partners detects this violation and transmits it to macmon, which may then isolate the endpoint from the network and notify an administrator, depending on the configuration. Once the threat is eliminated, this status is usually transmitted to macmon and the endpoint is automatically transferred back to the network. macmon not only processes these compliance changes but also transmits them in real time to Splunk, which displays them in graphical form. This gives network administrators a real-time overview of current compliance incidents on the corporate network at all times.
macmon NAC transmits network sessions to Splunk
In addition to a comprehensive overview of compliance incidents, the integration between Splunk and macmon provides a dashboard that displays current and terminated network sessions, whose metadata is transmitted to Splunk at their start and end. This provides an informative overview of which network devices were used for the most endpoint logins, or how many network sessions were started in a given period of time.
macmon NAC transmits RADIUS authentications to Splunk
Metadata about the authentication mechanism used, such as SNMP or RADIUS, is also transmitted with the network sessions. This data is clearly visualized on the Authentication Dashboard.
Configuration in Splunk
The macmon Monitor app is now available on Splunk’s app store Splunkbase for convenient download and installation.