One low annual price gets you:

  • Unlimited Security Search Downloads
  • Access to Frequent Content Updates
  • Security Content App for Splunk

Splunk Content-as-a-Service

CorrelationX is a security research company and trusted Splunk partner focused on developing cutting-edge security searches that load directly into your Splunk platform, instantly improving your visibility and threat detection capabilities. Our mission is clear: to ensure that you get the most value possible out of your Splunk security investment, quickly. Today’s threats demand it.

The CorrelationX service includes instant access to hundreds of advanced security searches as well as access to all the innovative new Splunk security use cases developed by our industry-leading research team. In addition, if you have a new search that you want created, you can submit a request to our research team for development free of charge.

CorrelationX Security Content App

Our Splunk-certified app uses your CorrelationX subscription to seamlessly integrate all of our innovative Splunk security content with your Splunk Enterprise or Enterprise Security deployment, and provides the capability to automatically load security correlation rules and threat hunting searches into your Splunk instance with a single click.

Successful Security Programs Have One Thing In Common: They Adapt Quickly

When the latest threat hits, you need immediate intelligence to adapt your defensive strategy. Backed by industry-leading malware reverse-engineers and network attack experts, CorrelationX will arm your Security Operations and Hunt Teams with a constant stream of research-driven Splunk searches capable of detecting emerging threats and new adversarial tactics.

Our research program is laser-focused on identifying and analyzing new threat actor campaigns, malware families and exploit methods. We conduct extensive research in our security lab, observing real-world threats to identify current and relevant threat actor Tactics, Techniques and Procedures (TTPs). Using an enhanced development and testing framework, those TTPs are efficiently converted into Splunk security searches and published to our solution, where our customers can implement them with a single click.

You can also keep up with the latest Splunk security use cases, advanced malware analysis, threat actor TTPs, logging techniques, cloud security practices and more through our research blog.

Reduce False Alarms

Extreme Endpoint Visibility

2018 will bring a wave of new endpoint threats including new fileless malware techniques to bypass security controls, evolving code injection methods and new forms of destructive ransomware. The CorrelationX research team is constantly analyzing these new tactics and creating advanced searches that can detect even the stealthiest endpoint attacks.

Extensive Data Source Support

The searches developed by CorrelationX support a broad range of data sources to ensure there is relevant content for any environment. We have use cases leveraging data from multiple Operating Systems, native Splunk utilities and dozens of best-in-class security solutions. The CorrelationX Security Content App provides a convenient filter to identify all security searches that match the sourcetypes or data models in your environment.

Supported data sources include:

  • Nix Logs
  • Windows Security Logs
  • Windows Sysmon
  • Carbon Black
  • CrowdStrike
  • Microsoft AD
  • Cisco ASA
  • Palo Alto
  • Dell SonicWALL
  • ProofPoint
  • Fortinet
  • Juniper FW
  • MongoDB
  • MySQL
  • Symantec
  • Attivo
  • Infoblox
  • Office 365
  • Blue Coat
  • Suricata
  • Tanium
  • Check Point
  • Microsoft Exchange
  • Bitdefender
  • ESET
  • Intel (McAfee) AV
  • Microsoft SE
  • Sophos
  • Symantec (SEP)
  • Symantec ATP
  • Trend Micro AV
  • Invincea
  • Palo Alto Traps
  • Watchguard
  • Intel/McAfee
  • Incapsula
  • Bro IDS
  • Check Point
  • Cisco AIP
  • Cisco FireSIGHT (SourceFire)
  • Apache
  • IBM Proventia
  • Intel (McAfee)
  • Tipping Point
  • Microsoft SSO
  • Okta
  • OneLogin
  • Blue Coat Security Analytics
  • CyberArk
  • Lastline
  • Arbor
  • splunkd_ui_access
  • Cisco ESA
  • Stream DNS
  • Stream FTP
  • Stream HTTP
  • Stream TDS
  • ThreatConnect
  • Splunk UBA
  • Juniper Pulse
  • Rapid7 Nexpose
  • Veracode
  • Incapsula
  • Cisco SWG
  • Intel Security (McAfee) SWG
  • Sophos SWG
  • Symantec SWG
  • Trend Micro SWG
  • Trustwave
  • WebSense
  • Zscaler