How Splunk can help: Implementing automation and orchestration

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Analysts today are expected to respond to threats known and unknown, working twenty-four hours a day across teams, tools, and time zones. Adding more screens often means a higher chance of missing something. What analysts need is incident response, both centralized and customizable. They also need better instant search capability and point-and-click response in the same place as detection.

Using Splunk Mission Control, available to Splunk Enterprise Security customers, you can unify your security operations to shift your operational focus from minutia to mission. Among the valuable features in Splunk Mission Control are:

An incident review dashboard
Embedded investigative searches and automation workflows for enrichment and remediation
An integration with Splunk Enterprise Security for identity enrichment and threat intelligence frameworks
An integration with Splunk Threat Intelligence Management to provide additional context and enrichment to investigations
Response plans that provide guided actions to ensure that incidents are handled with consistency and follow best practices
Audit trails of your actions
Embedded SPL into searches to speed up investigation times

Watch the following video to see a demonstration of using Splunk Mission Control to investigate a PowerShell threat.