The ITSI Content Pack for DMARC from Kinney Group is specifically designed to monitor the health and enforcement of DMARC policies across email domains. It leverages Splunk ITSI to provide in-depth analysis and visualization of DMARC reports, ensuring the integrity and security of email communications. This content pack is an essential tool for IT professionals looking to enhance email security and compliance.
- Comprehensive DMARC Monitoring: Offers detailed insights into DMARC policy enforcement, domain spoofing attempts, and email authentication mechanisms, enabling optimized email security.
- Critical Email Domain Tracking: Monitors the real-time operational status of email domains, helping IT professionals swiftly identify and address potential issues.
- Enhanced Email Authentication: Facilitates better decision-making on email authentication and policy enforcement by analyzing trends and detecting anomalies across email traffic.
This ITSI Content Pack is open source and available for community collaboration and enhancement on GitHub.
For more information about Kinney Group's Splunk Products, visit our website.
The ITSI Content Pack for DMARC contains service definitions and KPIs ready to import to ITSI. The KPI Thresholds and importance values are set to defaults so that they can be tuned manually for your use case. After configuration, this content pack provides a comprehensive view of DMARC policy enforcement and email authentication mechanisms.
Kinney Group ITSI Content Pack Blog
DMARC monitoring encompasses several specialized services, each targeting specific aspects of email security and policy enforcement:
- DMARC Monitoring: Centralized monitoring of DMARC policies and their enforcement across email domains.
- Email Domain: Monitoring the domains from which emails claim to originate.
- Authentication Mechanisms: Monitoring the mechanisms used to authenticate emails, including SPF and DKIM.
- Report Analysis: Analyzing DMARC aggregate and forensic reports to identify trends and anomalies.
Each service utilizes specific KPIs to measure its effectiveness:
- Domain Spoofing Attempts: Number of emails failing DMARC checks due to domain spoofing.
- Delivery Error Rate: Percentage of emails that failed to be delivered.
- SPF Authentication Success Rate: Percentage of emails passing SPF checks.
- DKIM Authentication Success Rate: Percentage of emails passing DKIM checks.
- Aggregate Report Count: Number of DMARC aggregate reports received.
- Forensic Report Count: Number of DMARC forensic reports received.
- Policy Enforcement Rate: Percentage of emails subjected to DMARC policy actions (none, quarantine, reject).
- Bounce Rate: Percentage of emails that bounced back.
- Volume Spike Detection: Detection of unusual spikes in email volume.
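To make the report-derived KPIs above concrete, here is an added example (not the content pack's own KPI searches) that computes several of them from one DMARC aggregate report in the RFC 7489 XML layout. The sample report, the function name `dmarc_kpis`, the returned key names, and the reading of "enforcement rate" as the quarantine plus reject share are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate-report layout (not real data).
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>quarantine</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>90</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf>
  </policy_evaluated></row></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>6</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf>
  </policy_evaluated></row></record>
 <record><row><source_ip>203.0.113.45</source_ip><count>4</count>
  <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf>
  </policy_evaluated></row></record>
</feedback>"""

def pct(part, total):
    return round(100.0 * part / total, 2) if total else 0.0

def dmarc_kpis(xml_text):
    """Compute message-weighted KPIs from one un-namespaced aggregate report."""
    # Reports come from third parties: bound input size before parsing, or use
    # a hardened XML parser, when reading a real reporting mailbox.
    root = ET.fromstring(xml_text)
    total = spf_pass = dkim_pass = dmarc_fail = 0
    failing_sources, dispositions = Counter(), Counter()
    for row in root.iter("row"):
        n = int(row.findtext("count") or 0)  # messages summarised by this row
        ev = {k: (row.findtext(f"policy_evaluated/{k}") or "").strip().lower()
              for k in ("spf", "dkim", "disposition")}
        total += n
        spf_pass += n * (ev["spf"] == "pass")
        dkim_pass += n * (ev["dkim"] == "pass")
        dispositions[ev["disposition"] or "unknown"] += n
        # DMARC fails only when neither aligned SPF nor aligned DKIM passes.
        if ev["spf"] != "pass" and ev["dkim"] != "pass":
            dmarc_fail += n
            failing_sources[row.findtext("source_ip") or "unknown"] += n
    return {
        "messages": total,
        "spf_success_rate": pct(spf_pass, total),
        "dkim_success_rate": pct(dkim_pass, total),
        "dmarc_fail_count": dmarc_fail,
        "failing_sources": dict(failing_sources),
        "disposition_pct": {d: pct(c, total) for d, c in dispositions.items()},
        "enforcement_rate": pct(dispositions["quarantine"] + dispositions["reject"], total),
    }

if __name__ == "__main__":
    print(dmarc_kpis(SAMPLE_REPORT))
```

The second sample row fails SPF but still passes DMARC through DKIM, which is why the SPF success rate and the DMARC failure count have to be tracked as separate KPIs; a DMARC failure count also includes misconfigured legitimate senders, so the failing source addresses need triage before being treated as spoofing.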
Services are interconnected; for instance, DMARC Monitoring is dependent on the Email Domain, Authentication Mechanisms, and Report Analysis services. Similarly, Email Domain relies on Delivery Status and Volume to detect anomalies and ensure proper domain usage.
Some services form a hierarchy, such as Authentication Mechanisms depending on SPF and DKIM Authentication, illustrating a layered approach to email security where base metrics support broader performance indicators.
To provide feedback, visit our GitHub and Readme for our content packs.
Version | Date | Description |
---|---|---|
0.0.1 | 6/6/24 | Initial Preview Release |