VMRay & Splunk SIEM Connector

Splunk is the leader when it comes to SIEM security products because they help you reduce breaches and other fraud risks by 70%. This is why Splunk has been named as the SIEM leader in Gartner’s Magic Quadrant for seven years running. Splunk has a voracious appetite for data and so VMRay Analyzer is the perfect complement because it can feed Splunk with a wealth of detailed analysis information related to suspicious files and URLs, including verdicts, IOCs, VTIs (our VMRay Threat Identifiers), YARA rule matches, file hashes and much more.

Hashes of malicious threats can also be imported directly into the Threat Intel component of Splunk Enterprise Security. With VMRay Analyzer in place, you have the additional option of submitting files and URLs from Splunk into VMRay Analyzer for analysis, through Splunk’s Adaptive Response framework. Of course, the results of this analysis can then be imported back into Splunk, thereby further enhancing your aggregated threat intelligence within Splunk.

Executive Summary

Connector Name: VMRay Analyzer Add-on for Splunk

Connector Version: 2.0.0

Works with VMRay Platform Versions: 4.0, 4.1, 4.2

Owner of Splunk: Splunk

Splunk Partner Page: Splunkbase VMRay Analyzer Add-on Page

Primary Categories: SIEM

Connection Capabilities

Connects Into Analyzer: Yes – file and URL analysis results including Verdicts, IOCs, VTIs, and YARA rule matches; malicious file hashes into Enterprise Security (Threat Intel)

Connects Out to Analyzer: Yes – file and URL submission via the Adaptive Response framework in Splunk

Use Cases: Enhanced Threat Intelligence, IOC Mining, Secure Detonation, Binary Evaluation, Threat Hunting