search
Product Documentation

Hybrid - Anvilogic on Splunk & Snowflake Architecture

Anvilogic implementation with Splunk & Snowflake.

hashtag
Architecture Diagram

Below is the generic architecture digram for how Anvilogic works on top of a hybrid data environment like Snowflake & Splunk

circle-info

  • This supports Snowflake on Azure, AWS, and GCP.

  • This supports Splunk on Splunk Cloud, Splunk Enterprise on-premise, and Splunk Enterprise Security (ES)

Diagram:

Anvilogic on Snowflake (AWS, GCP, or Azure) and Splunk (Cloud or On-Premise)

PDF Download:

file-pdf
7MB
Reference Architecture - Hybrid Splunk & Snowflake.pdf
PDF
arrow-up-right-from-squareOpen

Hybrid FAQ

chevron-rightWhat is the EOI routing pipeline?hashtag

With a multi platform SIEM, you need to select a primary location to store all of your Alerts, this in the Anvilogic platform is called your “Events of Interest (EOI)”.

You will select which logging platform you want to contain your consolidated EOIs from all detection inputs and the EOI routing pipeline will ensure all alerts (regardless where they original from) get routed to land in the correct destination for correlation opportunities across your data repositories.

In this example Splunk was selected to be the primary EOI data repo, which means all Snowflake alerts get routed to the Splunk index. If Snowflake was selected, then all Splunk alerts would get routed to the Snowflake alert table.

Anvilogic will also store a copy of all alerts generated in the platform Alert Lake, which is used for AI-Insights (ex. Tuning, Health, and Hunting escalations).

hashtag
Frequently Asked Questions (FAQs)

Last updated

Was this helpful?