SailPoint Adaptive Response

The SailPoint Adaptive Response add-on allows Splunk administrators to automate security governance actions, such as revoking access from an enterprise user, using the provisioning engine in IdentityIQ. Automation begins when Splunk detects an alert and initiates a web-service request to one or more of a dozen action-specific endpoints that are available in SailPoint IdentityIQ after configuration. SailPoint IdentityIQ then creates, prioritizes, and processes the alert(s). The add-on also provides a way to retrieve all task results within Splunk®. It uses the IdentityIQ API, built on RESTful SCIM 2.0, to achieve this.

Along with the custom alert actions, the SailPoint Adaptive Response add-on also provides three (3) new source types within Splunk®:

SailPoint Syslog Events: Used to collect Syslog events from IdentityIQ
SailPoint Audit Events: Used to collect Audit events from IdentityIQ
SailPoint Task Results: Used to collect Task results from IdentityIQ

Users can configure these source types to collect events into Splunk® and populate a custom dashboard that visualizes the different types and details of these events.

Latest Version 2.0.15
February 12, 2025
Compatibility
Not Available
Platform Version: 9.4, 9.3
Rating

5

(1)

Support
Developer Supported app

Created By

SailPoint Identity Plus Alliance

Type

app

Downloads

1,861
