Enrich Asset Data in Splunk SOAR with Lansweeper.
- Lansweeper's integration with Splunk SOAR puts detailed IT asset data at the fingertips of security teams, so they can contextualize security events and alerts instantly, with real-time granular information about devices, device location, installed software, users, and more. Based on the IP/MAC, Splunk SOAR fetches the Lansweeper enrichment data and automatically populates the information into alerts, enabling security analysts to gain actionable insights immediately, without having to source data from other tools or manually hunt it down.
- With rapid access to all the data they need to orchestrate a response, security teams can improve how they manage security operations, conduct threat hunting and incident response with confidence and efficiency, and automate security policies to protect their organizations. Through this important integration, SOC teams can fine-tune incident response strategies to improve their overall IT security posture.
Contextualize Security Events & Incidents:
While Splunk SOAR automates and streamlines orchestration to accelerate remediation, security teams still need to gather information about an event or incident before initiating the response. Questions they must answer include:
- What devices are impacted?
- Where are the devices located?
- Who's using those devices?
- What OS and software are the devices running?
- Is there a software vulnerability on the device?
- What information is contained on the device, and is it sensitive or confidential information?
Knowing the answers to these questions helps to pinpoint the threat and its potential impact, and prioritize next actions. Alerts don't typically come with this information, however, even though all of it is essential for accelerating response time and stopping an attack. While teams spend time hunting down IT asset data, the attack could be spreading rapidly, causing massive damage. Threat investigations and responses are performed faster and at scale across complex or expansive IT infrastructures when IT asset enrichment data is instantly available within the SOAR solution.