Dragos OT Add-On for Splunk
Overview
Details
Dragos OT Add-On for Splunk
Overview:
The Dragos OT Add-On bridges the IT/OT divide by bringing OT cybersecurity data from the Dragos Platform into Splunk Enterprise Security. This integration brings a set of Dragos Platform capabilities into Splunk, enhancing visibility of OT environments by providing complete asset discovery, threat detection, and vulnerability management as well as enabling effective incident response. This provides users in-depth and context rich ICS/OT asset visibility that analyzes multiple data sources including protocols, network traffic, data historians, host logs, asset characterizations, and anomalies to provide unmatched visibility of your ICS/OT environment.
How it Works
The Dragos OT Add-On can be installed and configured to connect to the Dragos Platform and ingest data into Splunk. You can then use the raw data to build queries and dashboards that provide value for your organization.
In order to take full advantage of Splunk's OT capabilities its recommended that you install both Splunk Enterprise Security and the OT Security Add-on for Splunk. You can then follow the SOT Security Add-on for Splunk and Dragos OT Add-On configuration instructions to get access Dragos data inside these additional applications. This provides integration with Splunk's Asset Framework, advanced pre-built dashboards, and security alerting. This improved visibility, detection, and response capability gives security teams a blended IT/OT view allowing teams to appropriately prioritize analysis and response activities.
How to Access
To use the basic Dragos OT Add-On functionality a Dragos Platform license is required. To utilize advanced features within Splunk Enterprise and the OT Security Add-on for Splunk a Splunk Enterprise Security license is required.
Release Notes
Version 1.0.0
- Initial release