Splunk Enterprise data analytics help organizations leverage the data that their infrastructure and security tools provide, to understand their security posture, pinpoint and investigate risks, and create alerts and reports.
However, IT staff must then respond to any identified threats, violations and attacks. Any delay in response can result in significant security risks.
Combining ForeScout dynamic endpoint visibility, access and security capabilities with Splunk Enterprise’s data mining capabilities, security managers can achieve a broader understanding of their security posture, visualize key control metrics, and respond more quickly to mitigate a range of security issues.
Integration is fully bi-directional – CounterACT sends property, policy, and event information to Splunk, and Splunk sends alerts and action requests to CounterACT.
The result is enhanced threat insight, automated control, and greater operational efficiency.
Splunk’s Adaptive Response Framework describes a complete action flow, which includes requesting an action be applied to an endpoint, and tracking the status of the action taken.
This integration supports the Splunk Adaptive Response workflow as follows:
Certified for Splunk and Splunk Cloud
- Support for Splunk Enterprise Security and the Splunk Adaptive Response Framework
- Enhanced Mapping of CounterACT Data to CIM Models
- Apply Any CounterACT Action from Splunk Searches
- New Properties and Policies for Splunk Alerts
- New Dashboards
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.