We’re psyched to meet security leaders from across the globe next month at Splunk’s .conf22 at the MGM Grand in Las Vegas on June 13-16. This year’s in-person conference also includes the option to join virtually, so Splunkers from around the world can watch the all the sessions remotely, access the partner zone, hands-on labs, and get a .conf22 hoodie from the comfort of their couch. If you’re planning to be there in Vegas, don’t forget to say hi to D3 Security’s crew at our booth (#M111). Our representatives from sales, marketing, channel, and cyber engineering will all be there to share their knowledge and spread the word about our SOAR platform. We’ll also be giving away some D3 swag, so you’ll have something to remember us by.
Why D3 Security 💞 Splunk
As a leading vendor-agnostic SOAR platform, we have a long-standing association with Splunk, as many of our customers use its security, observability, and analytics products. We also love their dedication to the craft of making hilarious t-shirts. Out of our 500+ integrations, our bi-directional integration with Splunk is one of the most popular. Our SOAR platform integrates with Splunk Enterprise Security, IT Service Intelligence and Splunk User Behavior Analytics (UBA), enabling you to make the most out of these tools from a single interface. Splunk integrations are available in the D3 Marketplace within our SOAR tool. Simply add your credentials and begin to leverage our pre-built integration actions in our codeless, drag-and-drop playbook editor. This enables your SOC team to use Splunk to increase the speed and quality of triage and investigations and mitigate risks faster than ever before. Here are a few things you can do with D3’s SOAR integration with Splunk.
Read: SIEM vs. SOAR: How they Differ and Why they Work Well Together
Fetch and Enrich Events from Splunk from within D3 SOAR
D3 SOAR can ingest events from Splunk based on search parameters such as start and end time, number of events, and all the keywords, expressions, and possibilities mentioned on the Splunk documentation page. This is useful if you want to be alerted when certain conditions are met (for example: when an endpoint’s logs indicate potential anomalous activity). Such actions can be a part of your incident response playbook. Every single event ingested by D3 goes through our Event Pipeline, a global event playbook that rapidly ingests, de-duplicates, enriches, prioritizes, and dismisses/escalates notable events for remediation. D3 can also perform enrichment using historical data, and correlate events using threat intelligence frameworks like MITRE ATT&CK. D3’s integrations with hundreds of additional security and IT products, help SOC teams incorporate all the SecOps tools in their arsenal into their detection and response workflow – from ticketing systems and messaging tools to firewalls, endpoint protection tools, vulnerability scanners, and threat intelligence platforms. With D3 SOAR, your SOC team can prioritize and act on notable events first.
Push and Update Events into Splunk from within D3 SOAR
As we mentioned earlier, D3’s integration with Splunk is bi-directional. You can also push events enriched by D3’s SOAR tool into Splunk, which will allow you to graph and query them, making full use of Splunk’s capabilities. You can also update notable events by their Search or Event ID, assign a new owner, and update the event’s status or urgency. You can also execute commands in Splunk as part of a utility action, automation, or SOAR playbook.
Key Integration Benefits
- Fast and consistent response, with incident-specific playbooks for Splunk events. When an analyst is assigned to an event, they will already have all the information they need to act quickly and effectively.
- Enhanced case management features to help you handle, track, and report on the full incident response lifecycle. Our case management features are rated as the best in category by industry research reports, allowing SOC teams to create detailed and structured records related to a security event or investigation.
- Automated SecOps and IR workflows, saving you time and effort by integrating actions across 500+ other security tools. As a vendor-agnostic SOAR platform, our integrations are deep and more effective than the competition. We’ve pulled in just about every action available on each tool and put them in one place.
- Intelligent event correlation, using MITRE ATT&CK. Analysts can quickly and easily identify previously unseen attacks by analyzing events that have already occurred and identifying previously unknown connections between them.
Download: 2020 Gartner® Market Guide for Security Orchestration, Automation & Response Solutions
We Help Your SOC Team SOAR to Action
AT D3 Security, it’s our mission to empower SOC teams to fight advanced cyberattacks by providing a comprehensive, end-to-end automation and orchestration platform in which they can build and deploy playbooks that leverage all the tools at their disposal. Our goal is to provide a single pane of glass view of alerts, creating a low-friction environment to triage and manage them. This is not just about who gets paged when, but also about using automation to gather intelligence and perform actions around incidents. Avoid fatigue, distraction, and information overload in your SOC. Stop the noise.
