Partners
Splunk

Vectra and Splunk partner to solve the most persistent problem facing today’s enterprise cybersecurity teams – finding and stopping active cyberattacks while getting the most out of limited time and resources.

Speed up investigations by having Vectra Cognito automatically triage and score hosts ranked by risk in Splunk dashboard
Enhance workflows in Splunk with Vectras visibility of all threats, known and unknown in the entire attack lifecycle
Gain valuable insight by enabling security teams to correlate detections from Vectra with other events in Splunk

Bring Vectra Detection to Workbooks in Splunk

  • The Vectra App for Splunk provides an interactive dashboard to show the number of hosts classified as critical, high, medium, and low risk
  • Speed-up the investigations with drill-downs into each category to filter on that particular detection’s severity
  • A link back into the Vectra Cognito user interface allows a seamless transition to drive prioritization and workflow
  • The Vectra App for Splunk provides an interactive dashboard to show the number of hosts classified as critical, high, medium, and low risk
  • Speed-up the investigations with drill-downs into each category to filter on that particular detection’s severity
  • A link back into the Vectra Cognito user interface allows a seamless transition to drive prioritization and workflow

Automate Response with Splunk Phantom

  • The Vectra Active Enforcement application for Splunk Phantom automates response by enabling quick and effective enforcement actions
  • Splunk Phantom receives alerts based on risk of a host from Cognito and respond automatically as defined by a Splunk Phantom playbook
  • Analysts can also manually trigger a response from the Cognito UI by using predefined event tags and take action before damage is done
  • The Vectra Active Enforcement application for Splunk Phantom automates response by enabling quick and effective enforcement actions
  • Splunk Phantom receives alerts based on risk of a host from Cognito and respond automatically as defined by a Splunk Phantom playbook
  • Analysts can also manually trigger a response from the Cognito UI by using predefined event tags and take action before damage is done

See how Vectra and Splunk Partner Together

Bring Vectra Cognito Detect detections to Splunk with our app
Watch Video >
Vectra Cognito Stream application for Splunk speeds up investigations
Watch Video >

Additional Resources

Vectra in Splunk App Store
Brief: Splunk Phantom Integration
Blog: Splunk, Vectra and CrowdStrike - A Powerful Triad to Find and Stop Cyberattacks
Blog: Splunk Integration - a Deep-dive into the Adaptive Security Architecture
Contact Us

General: +1-408-326-2020

Sales: +1-408-326-2034

Support: support@vectra.ai

Headquarters

560 S. Winchester Blvd., Suite 200

San Jose, CA, USA 95128

Solutions
Cloud SecurityDetect RansomwareSecure Remote WorkforceThreat Hunting and InvestigationsRisk and ComplianceElevate Your SOC VisibilityReplacing Aging IDPSMITRE ATT&CK Model
Products & Services
Cognito PlatformHow We Do ItCognito DetectCognito Detect for
Office 365Cognito RecallCognito StreamServicesAPI ToolsVectra vs. DarktraceVectra vs. ExtraHop
Industries
Critical National InfrastructureEnergy and UtilitiesFederal GovernmentFinancial ServicesHealthcareHigher EducationManufacturingPharmaceuticals and Medical Devices
Partners
Partner ProgramManaged Service PartnersService PartnersTechnology PartnersPartner PortalCrowdStrikeMicrosoftSplunk
Resources
Case studiesCompetitiveCompliance BriefsDatasheetsE-booksIndustry ResearchProduct IntegrationsSolution OverviewsVideosWhite PapersBlog
About
CompanyLeadershipCareersNews ReleasesMedia CoverageRecognitionEvents & WebinarsSupport
Legal
Terms of ServiceTerms of UsePrivacy and SecurityVectra Ethics HotlineTrademarks

© 2020 Vectra AI, Inc. All rights reserved.