AlphaSOC Releases Network Behavior App
AlphaSOC released a Network Behavior Analytics app for Splunk with MITRE ATT&CK mapping [https://x.com/i/status/2031022763931005146].
AlphaSOC's Network Behavior Analytics app helps security teams identify threats and anomalies within their networks. It processes CIM-compliant DNS, IP, HTTP, TLS, and DHCP events within Splunk to flag compromised hosts. The app can uncover DNS and ICMP tunnels, DGA traffic, C2 callbacks, data exfiltration, and cryptomining activity. Hundreds of security teams use the app to identify malware, data exfiltration, and policy violations.

The AlphaSOC Analytics Engine, which powers the app, can be evaluated for free for 30 days. Users can generate an API key within Network Flight Recorder or the Splunk apps to start the evaluation. An activated API key is unrestricted for 30 days for evaluation purposes.

The analytics engine performs multi-dimensional analysis of raw network events. It uses volumetric analysis, FQDN resolution, reputation data, and traffic categorization to identify threats. It can also flag traffic to known phishing domains and detect brand impersonation attempts.

To install the app, search for "Network Behavior Analytics" in the Splunkbase app store. The Search Head must be able to reach api.alphasoc.net via HTTPS.
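To illustrate the kind of volumetric and lexical analysis described above, here is an added example (not AlphaSOC's engine or the app's code) that runs two simple detectors over constructed CIM-style DNS events: a per-query entropy check for DGA-like names and a per-source volume and query-length check for DNS tunnelling. The field names `src`, `query` and `record_type` follow the Splunk CIM Network Resolution model; the thresholds and the sample events are assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed CIM Network Resolution-style DNS events (hypothetical sample data).
DNS_EVENTS = [
    {"src": "10.0.0.5", "query": "www.example.com", "record_type": "A"},
    {"src": "10.0.0.5", "query": "mail.example.com", "record_type": "A"},
    {"src": "10.0.0.7", "query": "xk3jq9z7lm2pfw8v.net", "record_type": "A"},
    {"src": "10.0.0.7", "query": "q8w1ezr5tv0nyc3k.info", "record_type": "A"},
] + [  # one host issuing many long TXT queries to a single domain
    {"src": "10.0.0.9", "record_type": "TXT",
     "query": f"{i:04x}aaaabbbbccccddddeeeeffff0000.tun.example.org"}
    for i in range(40)
]

def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of the string (0.0 for a repeated char)."""
    counts, n = Counter(s), len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def registered_domain(fqdn: str) -> str:
    """Naive 'last two labels' heuristic; a real engine would use a public-suffix list."""
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])

def is_dga_like(fqdn: str, min_entropy: float = 3.5, min_len: int = 12) -> bool:
    """Flag long, high-entropy leftmost labels; thresholds are assumed, not tuned."""
    label = fqdn.split(".")[0]
    return len(label) >= min_len and shannon_entropy(label) >= min_entropy

def find_dga_hosts(events) -> dict:
    """Map each source IP to the DGA-like names it queried."""
    hits = defaultdict(list)
    for e in events:
        if is_dga_like(e["query"]):
            hits[e["src"]].append(e["query"])
    return dict(hits)

def find_dns_tunnels(events, min_queries: int = 20, min_avg_len: int = 40) -> dict:
    """Volumetric check: many long queries from one source to one registered domain."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], registered_domain(e["query"]))].append(e["query"])
    flagged = {}
    for (src, dom), qs in by_pair.items():
        avg_len = sum(len(q) for q in qs) / len(qs)
        if len(qs) >= min_queries and avg_len >= min_avg_len:
            flagged[(src, dom)] = len(qs)
    return flagged

if __name__ == "__main__":
    print("DGA-like:", find_dga_hosts(DNS_EVENTS))
    print("Tunnel candidates:", find_dns_tunnels(DNS_EVENTS))
```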