Insights

Consoft Sistemi suggests some free Splunk applications for critical environments

Over the past few days we have had a lot of customers telling us they are setting policies for their staff to flexibly work from home. This often means there is a real urgent need to get better visibility into remote access operations without making big changes to their environments.

Consoft Sistemi, an Italian Splunk partner since 2008 with more than 100 Italian customers, proposes a set of applications downloaded from www.splunkbase.com. They are free, can be installed on Splunk, and allow you to monitor remote access and the availability of critical applications.

  • REMOTE ACCESS
  • VPN
  • COLLABORATION PLATFORM (MICROSOFT365; G SUITE)
  • MULTIFACTOR AUTHENTICATION

 

 

REMOTE ACCESS

Citrix - https://splunkbase.splunk.com/apps/#/order/latest/search/citrix 
Users will connect from home laptops over the internet to a Citrix server that could be hosted in a data center. This could put strain on licensing, internet bandwidth and the performance of the servers hosting the Citrix environment.

Splunk Citrix Addons:
For customers who use Citrix as their remote desktop platform, the servers hosting the Citrix environment have been under stress in the recent period.
These are all key areas that Splunk can monitor with various add-ons.

There are several Splunk Citrix addons that can pull data into Splunk from Citrix. These apps are free and can provide detail into Citrix Netscaler and XenDesktop.

uberAgent - https://splunkbase.splunk.com/app/1448/
Whilst this is a paid addon, it can collect data from Citrix servers and report on their health, or help you troubleshoot machines that might be remote. It is possible to install trial versions on Windows machines to use for one-off troubleshooting of end-user compute.

uberAgent has many Citrix dashboards that show login performance and allow you to troubleshoot login issues from a central location. On top of that, it can show application performance on remote endpoints, allowing administrators to troubleshoot from inside Splunk.

 


VPN

VPNs give direct access to internal networks and allow remote users to access internal intranets or other services inside the corporate network. With an abundance of users connecting simultaneously, this again could put strain on the corporate internet connection or on the number of concurrent users.

Troubleshooting dashboards that allow admins to determine why users are not able to connect to the VPN are also critical, and Splunk makes it possible to build them.

Palo Alto Addon - https://splunkbase.splunk.com/app/491/

It can pull data from Palo Alto's firewall solution, allowing you to see bandwidth on key links. Additionally, the GlobalProtect VPN view can help customers with troubleshooting remote access.

Below is an example screenshot from Palo Alto’s app that allows you to search for users having login issues, see how many people are connected and from what location:

 

[Screenshot from the Palo Alto app]

 

 

COLLABORATION – MICROSOFT/G SUITE

Popular collaboration platforms like Zoom and WebEx have APIs that can be consumed for monitoring and visibility. Zoom, for example, does have a pretty extensive data API stack and one savvy Splunk customer worked with their performance engineering team to come up with a set of metrics that would indicate service quality.

Microsoft 365: https://splunkbase.splunk.com/app/3786/
If your organization is a Microsoft 365 customer, then this app provides dashboards for Microsoft 365 management data, which includes important data on Microsoft Teams performance as well as Exchange, SharePoint, OneDrive, and Active Directory. All of which are critical services that will be consumed in a unique context as the workforce shifts to remote. 

G SUITE - https://splunkbase.splunk.com/app/3791/
Give your G Suite admins the ability to consume data from Google APIs in this intuitive app.

 


Slack: https://splunkbase.splunk.com/app/3542/
Gain insights into user activities and resource utilization easily with this handy app. 

 


MULTIFACTOR AUTHENTICATION

Multifactor authentication is often used for remote access to ensure a higher level of security, and these will become critical services as well. That means being able to know who is having issues, troubleshooting token assignment, or even keeping a close eye on the number of licenses available.

RSA Multifactor Authentication - https://splunkbase.splunk.com/app/2958/

Duo Multifactor Authentication - https://splunkbase.splunk.com/app/3504/

 


Zscaler app - https://splunkbase.splunk.com/app/3866/
Provides visibility into remote access, no matter where the users are connecting from.

Cisco’s App - https://splunkbase.splunk.com/app/1620/
Will provide the same functionality to help populate dashboards around remote access and bandwidth on key links.

 

 
