Vectra and Splunk partner to solve the most persistent problem facing today’s enterprise cybersecurity teams – finding and stopping active cyberattacks while getting the most out of limited time and resources.

Speed up investigations by having Vectra Cognito automatically triage and score hosts, ranked by risk, in the Splunk dashboard
Enhance workflows in Splunk with Vectra's visibility of all threats, known and unknown, in the entire attack lifecycle
Gain valuable insight by enabling security teams to correlate detections from Vectra with other events in Splunk

Bring Vectra Detection to Workbooks in Splunk

  • The Vectra App for Splunk provides an interactive dashboard to show the number of hosts classified as critical, high, medium, and low risk
  • Speed up investigations with drill-downs into each category to filter on that particular detection’s severity
  • A link back into the Vectra Cognito user interface allows a seamless transition to drive prioritization and workflow

Automate Response with Splunk Phantom

  • The Vectra Active Enforcement application for Splunk Phantom automates response by enabling quick and effective enforcement actions
  • Splunk Phantom receives alerts from Cognito based on the risk of a host and responds automatically as defined by a Splunk Phantom playbook
  • Analysts can also manually trigger a response from the Cognito UI by using predefined event tags and take action before damage is done

See how Vectra and Splunk Partner Together