March 8, 2018 • Resolve Staffer

Find it with Splunk. Fix it with Resolve | Incident Response Automation

IT environments typically have several point solutions that have difficulty integrating. Splunk software solves the problem of collecting security logs from disparate systems and correlating alerts to identify security incidents to help accelerate Incident Response Automation. Splunk Adaptive Response paired with Resolve creates a one-of-a-kind security incident response solution. Splunk and Resolve Systems officially announced their partnership in the Adaptive Response Initiative at the 2017 RSA Security Conference in San Francisco, California.

Resolve reduces the amount of time it takes organizations to investigate, contain and remediate security incidents by taking action on their Splunk data to deliver an organized and automated approach to incident response. Open collaboration and individual task assignments speed the response process along, while every step is recorded in the Investigation Record to ensure accuracy. Resolve’s standards-based playbooks, which contain process guidance, human-guided automation, and closed-loop automation, can be invoked by Splunk Adaptive Response, allowing security teams to quickly analyze and respond to security incidents.

Resolve’s human-guided automation capabilities direct security analysts through simple decision trees to rectify incidents. Half the battle is differentiating real critical security incidents from false positives. With Resolve, security analysts are able to access secure systems and are allowed to perform limited functions in a fully audited session, greatly reducing the need for escalation. If the incident does escalate, Resolve provides a breadcrumb trail of the preceding steps in the decision tree for easy backtracking.

Resolve Systems also boasts bi-directional integration with ticketing systems. Resolve provides closed-loop automation through its ability to be invoked directly from tickets to execute response actions such as investigation and remediation. Watch what Resolve and Splunk are capable of in our demo video.

“Resolve’s Security Incident Response platform is a powerful solution that directly complements Splunk to greatly increase agent productivity and accelerate the resolution of security-related incidents. By combining Splunk’s centrally positioned analytics-driven security platform with Resolve’s Incident Response Automation platform, we are thrilled to help security professionals around the world gather more context to detect threats quicker, execute guided processes more efficiently and deliver a more automated and rapid response against advanced attackers.” – Larry Lien, VP Product Management at Resolve Systems

Download Resolve Add-on for Adaptive Response

Step 1: Access Splunkbase

Step 2: Type “resolve” into the search bar.

Step 3: Select “Resolve Add-on for Adaptive Response” from the drop-down menu.

Step 4: Click “Login & Download”, enter your Splunk credentials, and begin downloading Resolve.

Resolve’s integration with Splunk doesn’t stop there. Check out additional capabilities below.
