Partners
Splunk

Vectra and Splunk partner to solve the most persistent problem facing today’s enterprise cybersecurity teams – finding and stopping active cyberattacks while getting the most out of limited time and resources.

Speed up investigations by having Vectra Cognito automatically triage and score hosts ranked by risk in Splunk dashboard
Enhance workflows in Splunk with Vectras visibility of all threats, known and unknown in the entire attack lifecycle
Gain valuable insight by enabling security teams to correlate detections from Vectra with other events in Splunk

Bring Vectra Detection to Workbooks in Splunk

  • The Vectra App for Splunk provides an interactive dashboard to show the number of hosts classified as critical, high, medium, and low risk
  • Speed-up the investigations with drill-downs into each category to filter on that particular detection’s severity
  • A link back into the Vectra Cognito user interface allows a seamless transition to drive prioritization and workflow
  • The Vectra App for Splunk provides an interactive dashboard to show the number of hosts classified as critical, high, medium, and low risk
  • Speed-up the investigations with drill-downs into each category to filter on that particular detection’s severity
  • A link back into the Vectra Cognito user interface allows a seamless transition to drive prioritization and workflow

Automate Response with Splunk Phantom

  • The Vectra Active Enforcement application for Splunk Phantom automates response by enabling quick and effective enforcement actions
  • Splunk Phantom receives alerts based on risk of a host from Cognito and respond automatically as defined by a Splunk Phantom playbook
  • Analysts can also manually trigger a response from the Cognito UI by using predefined event tags and take action before damage is done
  • The Vectra Active Enforcement application for Splunk Phantom automates response by enabling quick and effective enforcement actions
  • Splunk Phantom receives alerts based on risk of a host from Cognito and respond automatically as defined by a Splunk Phantom playbook
  • Analysts can also manually trigger a response from the Cognito UI by using predefined event tags and take action before damage is done

See how Vectra and Splunk Partner Together

Vectra Cognito Detect App for Splunk
Watch Video >
Vectra Cognito Stream App for Splunk
Watch Video >

Additional Resources

Vectra in Splunk App Store
Brief: Splunk Phantom Integration
Blog: Splunk, Vectra and CrowdStrike - A Powerful Triad to Find and Stop Cyberattacks
Blog: Splunk Integration - a Deep-dive into the Adaptive Security Architecture
Contact Us

General: info@vectra.ai

Support: support@vectra.ai

Headquarters

550 S. Winchester Blvd., Suite 200

San Jose, CA, USA 95128

Solutions
Data CenterAWSAzure ADHybrid CloudM365Data BreachRansomwareSupply Chain AttackAccount Compromise
Products
Vectra PlatformSidekick MDRHow We Do It
Competitive
Vectra vs. DarktraceVectra vs. ExtraHop
Partners
Partner ProgramManaged Service PartnersService PartnersTechnology PartnersPartner PortalAWSCrowdStrikeMicrosoftSplunk
Resources
Case studiesCompetitiveCompliance BriefsDatasheetsE-booksIndustry ResearchProduct IntegrationsSolution OverviewsVideosWhite PapersBlog
About
CompanyLeadershipCareersNews ReleasesMedia CoverageRecognitionEvents & WebinarsSupport
Legal
Terms of ServiceTerms of UsePrivacy and SecurityVectra Ethics HotlineTrademarks

© 2022 Vectra AI, Inc. All rights reserved.