Splunk Enterprise

Splunk Enterprise Security Integration

Seamlessly Integrate Splunk Enterprise Security with Lansweeper

Combining Lansweeper & Splunk Enterprise Security

  • Lansweeper's integration with Splunk SIEM enables IT security teams to benefit from immediate access to all the data they need to pinpoint a security threat, identify devices and users that are impacted, and make data-driven decisions about how to proceed.

  • Lansweeper automatically and continuously discovers IT assets across the IT infrastructure -- servers, laptops, desktops, virtual machines, operating systems, software and other assets deployed on your network -- to create an always-accurate, up-to-date IT asset inventory with detailed and granular IT asset data. Splunk SIEM users that leverage the Lansweeper Add-on for Splunk can access Lansweeper data instantly, right within Splunk SIEM - without having to chase down the information via phone calls, emails or IMs. They simply query Lansweeper using the IP or Mac address associated with the device in question, and the alert is quickly and automatically enriched with contextual data, accelerating incident response. 
  • The Splunk/Lansweeper integration helps SoC teams optimize operations and respond to threats much faster, with confidence and efficiency. Less time spent investigating security incidents means less risk, less frustration, and more time to work on solving problems. 

 

Webinar: Supercharge Splunk Enterprise
with Lansweeper

Enrich alerts and provide contextual data for incidents and threats.

 

Key Integration Features

This app can be used to get the IP/MAC-related information from Lansweeper either from CIM mapped fields or fields from indexed events into Splunk.

  • Added correlation search and integrated with the workflow actions to create notable events and find asset data from CIM compliant Splunk events
  • Added Investigation Dashboards
  • Added feature of workflow action to navigate to the Investigation Dashboards on clicking the field
  • Added feature for lsip and lsmac custom commands

Requirements

Lansweeper Add on for Splunk V1.0.0

Lansweeper license, cloud-enabled.

Lansweeper API Version – v2

Splunk Versions: 8.18.2Platform: Platform Independent

Documentation

Support

support@lansweeper.com

 

LICENSING

Splunk End User License for Third Party Content

Integration Category

Built By

Lansweeper helps you to minimize risks & optimize your IT by providing actionable insight into your entire IT estate.

Lansweeper Version

Cloud

Get Started with Splunk Enterprise