We offer a truly Co-Managed Service.
You want access to your data, but don’t have the resources to consistently monitor logs on a daily or 24/7 basis to ensure your systems’ security. Our work includes everything from small 10GB/day environments to large multi-site customers.
Your license. Your data. Our Splunk Security know-how.
Long gone are the days of the black-box MSSP. The power of Splunk is being able to build an in-house security operations center (SOC) and see your data when you want it. Our Splunk MSSP is built for you and how you choose to use the platform.
Our services include:
Human Security Review
Our engineers search for security anomalies with daily reviews of your Splunk environment. By reviewing alerts and dashboards, we identify potentially malicious activity. Based on review outcomes, our engineers filter false positives, investigate potential threats, and escalate valid security incidents according to your Alert Escalation Communication Plan.
Security Rule Tuning
Based on our engineers’ security reviews and client feedback, our team tunes your environment to reduce false positives or increase coverage.
Notable Event Investigation
When we escalate a notable event, we also perform a first-level investigation. Our engineers narrow your search and reduce your incident resolution time. Rest assured that you will spend precious response time efficiently.
Custom Threat Intelligence
Based on industry trends and the shifting threat landscape, we cultivate high-confidence threat feeds that we integrate into your environment to enrich and enhance security investigations.
Splunk On-Demand Admin
Our engineers assist in maintaining the health of your Splunk instance. We monitor the health of your Splunk infrastructure, from search heads to indexers to deployment servers, and all other Splunk systems supporting your environment.
Our engineers support the upgrades needed for your Splunk environment. When the time to upgrade comes, we can assist with an upgrade path, determine the order in which to upgrade certain systems, and help perform the actual upgrade.
Splunk Dashboards and Searches
If you need a dashboard, report, or saved search developed, our engineers can help. We work with your team to determine the data sources required to construct the dashboards and searches you need.
Splunk Premium Support
We can help troubleshoot Splunk issues. If you are looking for support for that issue you can’t quite seem to resolve, our Certified Splunk Engineers can help.
For all of our Splunk Managed Services:
Biweekly Status Reports
As your trusted data security partner, we are committed to consistent communication. Our team provides a biweekly summary report designed for leadership and analyst review. It includes environment health, investigation results, current ticket status, and roadblocks.
Quarterly Status Meeting
Your environment is in constant motion, which impacts your security posture. To ensure our teams are aligned and proactive, we provide quarterly meetings to review current security health and future plans that could affect your Splunk environment.
Optional Service Add-Ons:
Do your compliance or internal directives require 24/7 security monitoring? We have you covered with our affordable 24/7 service.
Admin, Updates, & Configuration
Need occasional help with Splunk upgrades, adding new programs, or data ingestion? Interested in customized dashboards and reporting? Our accredited, award-winning Splunk team can provide additional services as needed.
“NuHarbor was able to remove 99% of our security white noise. We only receive alerts for notable events. Our team is able to focus on legitimate security events.”
We’re Splunk Specialists
NuHarbor Security provides innovative information security services and technology solutions. We are an established Splunk Premier Partner with a deep bench of Splunk-accredited professionals. Our dedicated engineers deliver implementation services, ongoing professional services, and a comprehensive Splunk Enterprise Security Managed Services Program. With extensive experience in state, local, education, and commercial sectors, NuHarbor is your full-service Splunk partner. We will ensure your Splunk platform scales efficiently for years to come.
At NuHarbor Security we view Splunk as a central cog in the security machine and seek to leverage automated integration wherever possible to reduce manual overhead. NuHarbor Security also understands that log and event data contain an immense amount of value for more than just the security organization, and knows how to leverage the data analytics and automation services provided by Splunk throughout the enterprise. NuHarbor Security utilizes Splunk’s industry-leading, next-generation data analytics platform to provide cohesive analytics services by leveraging existing machine data. The flexibility of our Splunk Managed Services platform allows us to host your Splunk environment on dedicated instances managed by NuHarbor Security in our cloud, or on your own on-premise platform, in order to meet your unique business requirements. Regardless of the deployment model, you maintain full access, visibility, and usability of your data.