Splunk Managed Services
Splunk monitors and analyses machine data from any source to deliver Operational Intelligence to optimise your IT, security and business performance. It offers intuitive analysis features, machine learning, artificial intelligence, packaged applications and open APIs, alongside Phantom for security operations and VictorOps for incident management.
- Cloud, hybrid or enterprise deployment
- Collects and indexes log and machine data from any source
- Powerful search, analysis and visualization capabilities empower users
- Fraud and cyber threat detection analysis
- Real time analysis for operational intelligence and business reporting
- Information Assurance and security analysis
- Monitor and ensure compliance issues
- Monitor Logistics RFID and logistics databases machine data (HUMS)
- Monitor and manage internet of things including SCADA data
- Big Data Analytics, machine data from internet/internal network
- Delivers real-time visibility of the service user experience
- Troubleshoot performance or security incidents in minutes, not hours.
- Collect and index any machine data from virtually any source.
- Delivers the scalability, reliability and functionality you need
- Find the relationships within your data.
- Use built-in Splunk analytics modules to tackle impactful issues.
- Make more sense of your huge volumes of data.
- Choose from a wide range of charts and visualizations.
- Use the dashboards to continually monitor events, conditions or KPIs.
- Provides secure data handling, access controls, auditability and assurance
£500 per gigabyte per year
- Education pricing available
|Software add-on or extension||No|
|Cloud deployment model||Hybrid cloud|
In order to operate in an efficient and secure manner, the Splunk Cloud Service requires routine maintenance and upgrades. These are Splunk’s policies regarding offline periods so that maintenance may be performed.
ROUTINE MAINTENANCE - is performed at most once per month and lasts no more than 4 hours. Customers can request a maintenance window around the clock starting Sunday 3 PM through Friday 5 PM PST.
EMERGENCY MAINTENANCE - service-affecting maintenance is only performed in circumstances that require immediate attention; it is not scheduled. Splunk will make commercially reasonable efforts to notify Customers should Emergency Maintenance become necessary.
|Email or online ticketing support||Yes, at extra cost|
|Support response times||NETbuilder will provide prioritised support services for the Managed Services, to be accessed by Customer’s Technical Support Contacts 24 hours a day, 7 days a week (each such request a “Service Request” or an “Incident” or a “Change Request”) according to an agreed set of Response Times for each service request type and priority level.|
|User can manage status and priority of support tickets||No|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
"Our Production Support Level ensures that our customer’s technology estate is operational whilst providing them significant autonomy in daily application and business operations. Production customers are assisted with a self-service portal that makes it easy to request help, search knowledgeable content and track progress on issues, and by the NETbuilder Technical Support team composed of service desk agents and a named Service Delivery Manager (SDM) primarily tasked with system maintenance, health reporting, and solution monitoring on a 24x7 basis.
Our Enterprise offering is a premium full-service package developed with the goal of empowering customer teams to focus on their core business and deliver effectively at scale. This offering entitles the customer to a single point of contact with NETbuilder — Technical Account Manager (TAM), a highly skilled professional proactively supporting the customer during deployment time and production related activities, while ensuring the maintenance and troubleshooting of the technology stack. The TAM meets regularly with the customer and can assist with activities such as performance tuning, configuration, etc."
|Support available to third parties||No|
Onboarding and offboarding
To best kick-start and set up the service, we come on site to meet the team, give an initial overview of the Managed Service and describe the next steps.
Once the introductions are completed, we run an initial discovery phase in which we review and validate the scope of the service with the business and technical stakeholders, make an inventory of the resources to support, define a service catalogue and lock down the SLA.
Set up the support, networking and monitoring services, put quality controls in place, check integration points, integrate to the customer business process, trial run end-to-end key use cases and live incidents, start preparing initial knowledge base, grant access etc.
Smoothly switch to the new support service and shake hands for an official start.
Maintenance and Support.
Proactively support and maintain your solution as well as regularly report on its performance.
|End-of-contract data extraction||Customer data can be copied to a secure repository and source data deleted. There is no additional charge for this service.|
|End-of-contract process||A high level exit plan is contained within the Managed Service documentation. The exit plan contains instructions as to whether the service is to be ceased or migrated to another third party.|
Using the service
|Web browser interface||Yes|
|Application to install||Yes|
|Compatible operating systems||
|Designed for use on mobile devices||Yes|
|Differences between the mobile and desktop service||If it is through a web browser, the functionality is the same. If it is through the Splunk Mobile App, custom visualisations do not work.|
|Description of service interface||Splunk Cloud does not allow direct access to infrastructure by customers. As a result, you do not have command line access to Splunk Cloud. Any supported task that requires command line access is performed by the self-service capabilities of Splunk or by filing a service ticket.|
|Accessibility standards||None or don’t know|
|Description of accessibility||Splunk Cloud does not allow direct access to infrastructure by customers. As a result, you do not have command line access to Splunk Cloud. Any supported task that requires command line access is performed by the self-service capabilities of Splunk or by filing a service ticket.|
|What users can and can't do using the API||Differences in implementation details between Splunk Cloud and Enterprise, plus permissions for the sc_admin role, impact REST API access. In Splunk Cloud, you open a support ticket to enable REST API access. In addition, Splunk Cloud supports a subset of the REST API endpoints available in Splunk Enterprise. You can find more information regarding using the REST API with Splunk Cloud here: https://docs.splunk.com/Documentation/SplunkCloud/7.2.6/RESTTUT/RESTandCloud|
|API documentation formats||
|API sandbox or test environment||Yes|
|Description of customisation||Splunk provides an agile reporting and analytics capability. Reports and dashboards are fully customisable. Role based access is available to allow the customer full control over changes and customisations. The user is able to configure dashboards and the target data sources. Configuration can be through Splunk Web, Splunk's Command Line Interface (CLI), Splunk's REST API and directly in configuration files.|
|Independence of resources||Dedicated tenancies are enforced to ensure customer segregation. Therefore one customer's service cannot be affected by another customer's service.|
|Service usage metrics||Yes|
• HTTP Request and Response Status
• Number of active instances
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Splunk|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Developed Vetting (DV)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001|
Data importing and exporting
|Data export approach||There are many ways that a user can export data. Splunk provides a REST API to export data. Data can be exported by the Splunk Web facility. Users can use the Command Line Interface, SDKs and data forwarding tools.|
|Data export formats||
|Other data export formats||
|Data import formats||
|Other data import formats||
|Data protection between buyer and supplier networks||
|Data protection within supplier network||
Availability and resilience
Mission-critical performance, scale and reliability - 100% uptime SLA
Splunk provides a 100% uptime SLA for Splunk Cloud. Customers receive service credits in the event of SLA failures, as set forth in our current SLA schedule. As Splunk Cloud is offered uniformly across all customers, the SLA cannot be modified on a customer-by-customer basis.
|Approach to resilience||Splunk Cloud is delivered with an SLA of 100%. The service is hosted in AWS and details of the underlying configuration can be provided on request.|
|Outage reporting||Email alerts|
Identity and authentication
|User authentication needed||Yes|
|Access restrictions in management interfaces and support channels||Role Based Access Control is supported|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
Audit information for users
|Access to user activity audit information||You control when users can access audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||You control when users can access audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||The Splunk Cloud-based service uses third-party validation by Brightline of our process and policy efforts to safeguard customer data to industry standards worldwide. Working with our audit partners, SOC 2 Type 2 attestation is completed for all Splunk Cloud customer environments and ISO 27001 certification is completed for Splunk Cloud customer environments provisioned for data ingestion of over 20GB/day.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
• Customer requests change to service or solution: affected systems, possible risks, security risks, and expected implementation to qualified brief.
• Service Delivery Manager escalates the request to the engagement team who determines if the change is valid.
• Team plans the change. Details recorded about: the expected outcomes, effort estimates, resource profile, timeline, testing, ways to roll back the change, risks including security risks, dependencies and assumptions.
• Change approval board (CAB) may need to review the plan.
• Team implements the change, documenting procedures and results.
• Service Delivery Manager reviews and closes the implemented change.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||The security measures of Splunk and AWS are further described in the Technical Briefing paper at https://www.splunk.com/pdfs/technical-briefs/safeguarding-customer-data-in-splunk-cloud.pdf|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||The security measures of Splunk and AWS are further described here https://docs.splunk.com/Documentation/SplunkCloud/latest/Service/SplunkCloudservice#Security|
|Incident management type||Supplier-defined controls|
|Incident management approach||
End users (via portal, phone or email), monitoring systems, or service desk describes and logs the incident.
Service desk records at a minimum the date and time, reporter name, and a unique ID.
Agent labels the incidents with appropriate categorisation.
Service desk prioritizes incident based on business impact and urgency.
Team diagnoses the incident, services affected and possible solutions. Agents communicate with incident reporters.
Service desk team can escalate the incident to the second or third line support.
The service desk resolves the service interruption and verifies that the fix is successful. Resolution is fully documented.
Service desk closes the incident.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Public sector networks
|Connection to public sector networks||No|
|Price||£500 per gigabyte per year|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||The Splunk free cloud trial lets you search, analyze and visualize 5GB of your own data for 15 days. You can transition your trial instance to a production account.|
|Link to free trial||https://www.splunk.com/page/sign_up/cloud_trial?responsive=1&redirecturl=%2Fgetsplunk%2Fcloud_trial|