
We’re psyched to meet security leaders from across the globe next month at Splunk’s .conf22 at the MGM Grand in Las Vegas on June 13-16. This year’s in-person conference also includes the option to join virtually, so Splunkers from around the world can watch all the sessions remotely, access the partner zone and hands-on labs, and get a .conf22 hoodie from the comfort of their couch. If you’re planning to be there in Vegas, don’t forget to say hi to D3 Security’s crew at our booth (#M111). Our representatives from sales, marketing, channel, and cyber engineering will all be there to share their knowledge and spread the word about our SOAR platform. We’ll also be giving away some D3 swag, so you’ll have something to remember us by.
As a leading vendor-agnostic SOAR platform, we have a long-standing association with Splunk, as many of our customers use its security, observability, and analytics products. We also love their dedication to the craft of making hilarious t-shirts. Out of our unlimited integrations, our bi-directional integration with Splunk is one of the most popular. Our SOAR platform integrates with Splunk Enterprise Security, IT Service Intelligence and Splunk User Behavior Analytics (UBA), enabling you to make the most out of these tools from a single interface. Splunk integrations are available in the D3 Marketplace within our SOAR tool. Simply add your credentials and begin to leverage our pre-built integration actions in our codeless, drag-and-drop playbook editor. This enables your SOC team to use Splunk to increase the speed and quality of triage and investigations and mitigate risks faster than ever before. Here are a few things you can do with D3’s SOAR integration with Splunk.
Read: SIEM vs. SOAR: How they Differ and Why they Work Well Together
D3 SOAR can ingest events from Splunk based on search parameters such as start and end time, number of events, and any of the keywords, expressions, and search options described in the Splunk documentation. This is useful if you want to be alerted when certain conditions are met (for example, when an endpoint’s logs indicate potentially anomalous activity). Such actions can be a part of your incident response playbook. Every single event ingested by D3 goes through our Event Pipeline, a global event playbook that rapidly ingests, de-duplicates, enriches, prioritizes, and dismisses or escalates notable events for remediation. D3 can also perform enrichment using historical data, and correlate events using threat intelligence frameworks like MITRE ATT&CK. D3’s integrations with hundreds of additional security and IT products help SOC teams incorporate all the SecOps tools in their arsenal into their detection and response workflow – from ticketing systems and messaging tools to firewalls, endpoint protection tools, vulnerability scanners, and threat intelligence platforms. With D3 SOAR, your SOC team can prioritize and act on notable events first.
As we mentioned earlier, D3’s integration with Splunk is bi-directional. You can push events enriched by D3’s SOAR tool back into Splunk, where you can graph and query them, making full use of Splunk’s capabilities. You can also update notable events by their Search ID or Event ID: assign a new owner, or change the event’s status or urgency. Finally, you can execute commands in Splunk as part of a utility action, an automation, or a SOAR playbook.
Download: 2022 Gartner® Market Guide for Security Orchestration, Automation & Response Solutions
At D3 Security, it’s our mission to empower SOC teams to fight advanced cyberattacks by providing a comprehensive, end-to-end automation and orchestration platform in which they can build and deploy playbooks that leverage all the tools at their disposal. Our goal is to provide a single-pane-of-glass view of alerts, creating a low-friction environment to triage and manage them. This is not just about who gets paged when, but also about using automation to gather intelligence and perform actions around incidents. Avoid fatigue, distraction, and information overload in your SOC. Stop the noise.