Splunk + Vectra AI
Splunk and Vectra AI partner to solve the most persistent problem facing today’s enterprise cybersecurity teams – finding and stopping active cyberattacks while getting the most out of limited time and resources.
Faster, context-driven investigations into active cyberattackers
Speed up Investigations
Speed up investigations by having the Vectra Threat Detection and Response platform automatically triage and score hosts ranked by risk in Splunk dashboard
Enhance Workflows
Enhance workflows in Splunk across the entire attack lifecycle with Vectra’s visibility of all threats, known and unknown
Gain Valuable Insights
Gain valuable insight by enabling security teams to correlate detections from Vectra with other events in Splunk
Bring Vectra AI Detection to Workbooks in Splunk
The Vectra App for Splunk provides an interactive dashboard to show the number of hosts classified as critical, high, medium, and low risk
Speed-up the investigations with drill-downs into each category to filter on that particular detection’s severity
A link back into Vectra’s user interface allows a seamless transition to drive prioritization and workflow
Automate Response with Splunk Phantom
The Vectra Active Enforcement application for Splunk Phantom automates response by enabling quick and effective enforcement actions
Splunk Phantom receives alerts based on risk of a host from Vectra and respond automatically as defined by a Splunk Phantom playbook
Analysts can also manually trigger a response from the Vectra UI by using predefined event tags and take action before damage is done
