TRY NOW

Splunk SOAR Integration

Enrich Asset Data in Splunk SOAR with Lansweeper.

  • Lansweeper’s integration with Splunk SOAR puts detailed IT asset data at the fingertips of security teams, so they can contextualize security events and alerts instantly, with real-time granular information about devices, device location, installed software, users, and more. Based on the IP/MAC, Splunk SOAR fetches the Lansweeper enrichment data and automatically populates the information into alerts, enabling security analysts to gain actionable insights immediately, without having to source data from other tools or manually hunt it down. 
  • With rapid access to all the data they need to orchestrate a response, security teams can improve how they manage security operations, conduct threat hunting and incident response with confidence and efficiency, and automate security policies to protect their organizations. Through this important integration, SOC teams can fine-tune incident response strategies to improve their overall IT security posture.

Contextualize Security Events & Incidents:

While Splunk SOAR automates and streamlines orchestration to accelerate remediation, security teams still need to gather information about an event or incident before initiating the response. Questions they must answer include: 

  • What devices are impacted? 
  • Where are the devices located? 
  • Who’s using those devices? 
  • What OS and software are the devices running? 
  • Is there a software vulnerability on the device? 
  • What information is contained on the device, and is it sensitive or confidential information? 

Knowing the answers to these questions helps to pinpoint the threat and its potential impact, and prioritize next actions. Alerts don’t typically come with this information, however, even though all of it is essential for accelerating response time and stopping an attack. While teams spend time hunting down IT asset data, the attack could be spreading rapidly, causing massive damage. Threat investigations and responses are performed faster and at scale across complex or expansive IT infrastructures when IT asset enrichment data is instantly available within the SOAR solution. 

 

 

 

 

 

 

 

 

Key Integration Features

This Splunk app integrates with Lansweeper to perform investigative actions

Supported Actions Version 1.0.1

  • test connectivity: Validate the asset configuration for connectivity using supplied configuration
  • list authorized sites: Retrieve authorized sites from Lansweeper with their ID(s) and names
  • hunt ip: Fetch the details of the asset from the Lansweeper platform for the given site ID and IP address
  • hunt mac: Fetch the details of the asset from the Lansweeper platform for the given site ID and MAC address

Requirements

Lansweeper SOAR (phantom) V1.0.1 Lansweeper License, cloud enabled. Lansweeper API Version – v2 Splunk Licence- Apache License Version 2.0

Documentation

Support

support@lansweeper.com
NO CREDIT CARD REQUIRED

Ready to get started?
You’ll be up and running in no time.

Explore all our features, free for 14 days.