Carbon Black Cloud is often deployed in organisations which have a mature enough security operations stance that a SIEM/SOAR platform is also deployed. SIEM/SOAR is a foundational tool in the Security Operations Center, which together with EDR, XDR, and other detective security controls provides the means to rapidly detect and respond to threats.

Our strategy at Carbon Black is founded on recognizing and supporting the need for out-of-the-box integration with third-party security solutions. This strategy, which we term an "Open Ecosystem" approach, recognizes the not insignificant investments of time, effort, and financial commitment that customers have already sunk into the other security controls they trust to protect their environments and underpin their Security Operations Centers (SOC).

The Splunk SIEM and the associated Splunk Phantom SOAR enjoy significant market share and are commonly used across Carbon Black's own customer base. Customers use the Phantom SOAR platform as a centralized means to drive automation of common and repetitive tasks, as well as to orchestrate the operation of such tasks across multiple, different security controls. It is common that these SOAR tasks (playbooks) pull the rich telemetry and system security state information available from the Carbon Black Cloud in order to improve the fidelity and speed of detections of suspicious activity. Our joint customers also utilise the rich, bidirectional APIs available in Carbon Black so that SOAR playbooks can call upon our platform to automatically respond to attacks.

Therefore we are proud to have announced the first release of a unified integration connecting the VMware Carbon Black Cloud platform with Splunk SOAR. Through this application, customers can integrate Carbon Black Cloud actions and data into Splunk SOAR workflows using a single application.

Customers taking advantage of the integration between Carbon Black Cloud and Splunk that we are delivering through the Splunk App for Splunk SOAR will see the following benefits:

- Additionally, customers can integrate their endpoint protection platform functionality either directly from the Carbon Black Cloud, or from Splunk SIEM (using the Splunk App for Splunk SOAR), and eliminate the need for outdated or custom-built integrations.
- The ability to orchestrate and automate Carbon Black Cloud actions.
- Using Splunk SOAR playbooks, operationalize your Carbon Black Cloud data with speed and confidence.
- Further reduce pivoting between consoles by integrating endpoint context and response actions directly into the Splunk SOAR console.

The Carbon Black Cloud integration with Splunk includes the following features:

- Ingest CBC Alerts either directly via the REST API or via Splunk Enterprise via the Splunk app for Splunk SOAR.
- Over 30 SOAR actions that can be used in custom playbooks tailored to the customer's environment or use case, including Live Response actions that are executed on the endpoints.
- Example playbooks that can be readily deployed.

If you're reading this, you're probably wondering how to get data from various Microsoft Azure services into Splunk. With the growing list of Azure services and various data access methods, it can be a little cloudy (pun intended) on what data is available and how to get all that data into Splunk.