Detection and Response

This app integrates with the Cybereason platform to perform investigative, contain, and corrective actions on Malop and Malware events

This app integrates with the SentinelOne Singularity platform to perform prevention, detection, remediation, and forensic endpoint management tasks

This app supports executing various endpoint-based investigative and containment actions on Carbon Black Response

The SentinelOne App For Splunk allows a SentinelOne administrator or analyst to interact with the SentinelOne product.

This app supports investigate and ingest actions on Vectra Active Enforcement platform

This app integrates with your ExtraHop system to gain insight into devices, traffic, and detections in your environment

This app integrates with the Palo Alto Networks Firewall to support containment and investigative actions

Cognito Detect: surface hidden threats from cloud to enterprise

This App integrates with Proofpoint to implement ingestion and investigative actions

This app integrates with an instance of Mimecast to perform generic, investigative, and containment actions

Cyberattacks can come from many different vectors, but they most commonly arrive via email. By using email to conduct phishing, business email compromise (BEC) attacks, brand impersonation and more, attackers leverage an organization’s weakest security link — its people — to wreak havoc. As a result, email is the No. 1 attack vector for security teams to secure.

Customers interested in integrating Proofpoint Protection Server (PPS) logs with Splunk can utilize this custom-built add-on. This technology add-on focuses on normalizing the filter logs based on the Splunk Common Information Model (CIM) for email.

This app implements virtualization actions for Microsoft Azure Virtual Machines

This app integrates with AWS Elastic Compute Cloud (EC2) to perform virtualization actions

The Microsoft Azure App for Splunk contains dashboards for data collected from:

The Splunk Add-on for Google Cloud Platform allows a Splunk software administrator to collect google cloud platform events, logs, performance metrics and billing data using Google Cloud Platform API. After the Splunk platform indexes the events, you can analyze the data using the prebuilt panels included with the add-on. You can then directly analyze the data or use it as a contextual data feed to correlate with other Google Cloud-related data in the Splunk platform.

This app supports various identity management actions on Okta

Connects to Azure AD Graph REST API services

This app integrates with Amazon Web Services Identity Access Management (AWS IAM) to support various containment, corrective and investigate actions

Using Okta Identity Cloud REST APIs the Okta Identity Cloud Add-on for splunk allows a Splunk® administrator to collect data from the Okta Identity Cloud. The Add-on collects data related to: • Event log information • User information • Group and Group Membership Information • Application and Application Assignment information