Vectra + Splunk

Bring Vectra AI Detection to Workbooks in Splunk

The Vectra App for Splunk provides an interactive dashboard to show the number of hosts classified as critical, high, medium, and low risk
Speed up investigations with drill-downs into each category to filter on that particular detection’s severity
A link back into Vectra’s user interface allows a seamless transition to drive prioritization and workflow

Automate Response with Splunk Phantom

The Vectra Active Enforcement application for Splunk Phantom automates response by enabling quick and effective enforcement actions
Splunk Phantom receives alerts from Vectra based on the risk of a host and responds automatically as defined by a Splunk Phantom playbook
Analysts can also manually trigger a response from the Vectra UI by using predefined event tags and take action before damage is done