Using Splunk to Monitor Exchange Server, SharePoint and SQL Server

Automatic dashboards and security event intelligence are built in for LOGbinder customers using Splunk

Getting the audit data from Exchange, SharePoint and SQL Server isn’t straightforward. It’s a simple requirement but a complex challenge. The pre-built scripts and utilities provided by Splunk aren’t up to the needs of a security-focused organization.

This problem isn’t unique to Splunk; all SIEMs require solid middleware to bridge the gap to Exchange, SharePoint and SQL Server.

LOGbinder for SharePoint, LOGbinder for Exchange and LOGbinder for SQL Server collect, translate and send SharePoint, Exchange and SQL Server audit log events to any SIEM. The Splunk App for LOGbinder is needed to enrich their output for Splunk users.

Our Splunk App for LOGbinder includes:

  • Built-in integration for LOGbinder for Exchange, LOGbinder for SharePoint and LOGbinder for SQL Server for automatic feeds to four different dashboards
  • Built-in security event intelligence using LOGbinder’s Recommended Rules and Alerts for all LOGbinder products
  • Workflow action hyperlinks to a description of each Event ID via the Ultimate Windows Security Online Encyclopedia
  • Field extractions from the raw syslog
  • Pre-set and customizable alerts

The Splunk App for LOGbinder makes using LOGbinder software and Splunk a plug-and-play experience. Setup takes minutes.

The following thumbnails show the global overview of the LOGbinder for Splunk app and the individual product page overviews.