Hybrid - Anvilogic on Splunk & Snowflake Architecture

Anvilogic implementation with Splunk & Snowflake.

Architecture Diagram

Below is the generic architecture digram for how Anvilogic works on top of a hybrid data environment like Snowflake & Splunk

This supports Snowflake on Azure, AWS, and GCP.
This supports Splunk on Splunk Cloud, Splunk Enterprise on-premise, and Splunk Enterprise Security (ES)

Diagram:

PDF Download:

7MB

Reference Architecture - Hybrid Splunk & Snowflake.pdf

pdf

Hybrid FAQ

What is the EOI routing pipeline?

With a multi platform SIEM, you need to select a primary location to store all of your Alerts, this in the Anvilogic platform is called your “Events of Interest (EOI)”.

You will select which logging platform you want to contain your consolidated EOIs from all detection inputs and the EOI routing pipeline will ensure all alerts (regardless where they original from) get routed to land in the correct destination for correlation opportunities across your data repositories.

In this example Splunk was selected to be the primary EOI data repo, which means all Snowflake alerts get routed to the Splunk index. If Snowflake was selected, then all Splunk alerts would get routed to the Snowflake alert table.

Anvilogic will also store a copy of all alerts generated in the platform Alert Lake, which is used for AI-Insights (ex. Tuning, Health, and Hunting escalations).

Frequently Asked Questions (FAQs)

Last updated 2 months ago

Was this helpful?