IT environments typically have several point solutions that have difficulty integrating. Splunk software solves the problem of collecting security logs from disparate systems and correlating alerts to identify security incidents to help accelerate Incident Response Automation. Splunk Adaptive Response paired with Resolve creates a one-of-a-kind security incident response solution. Splunk and Resolve Systems officially announced their partnership in the Adaptive Response Initiative at the 2017 RSA Security Conference in San Francisco, California.
Resolve reduces the time it takes organizations to investigate, contain and remediate security incidents by acting on their Splunk data to deliver an organized, automated approach to incident response. Open collaboration and individual task assignments speed the response process along, while every step is recorded in the Investigation Record to ensure accuracy. Resolve’s standards-based playbooks, which contain process guidance, human-guided automation, and closed-loop automation, can be invoked by Splunk Adaptive Response, allowing security teams to quickly analyze and respond to security incidents.
Resolve’s human-guided automation capabilities direct security analysts through simple decision trees to rectify incidents. Half the battle is differentiating real critical security incidents from false positives. With Resolve, security analysts can access secure systems and perform limited functions in a fully audited session, greatly reducing the need for escalation. If the incident does escalate, Resolve provides a breadcrumb trail of the preceding steps in the decision tree for easy backtracking.
Resolve Systems also boasts bi-directional integration with ticketing systems. Resolve provides closed-loop automation through its ability to be invoked directly from tickets to execute response actions such as investigation and remediation. Watch what Resolve and Splunk are capable of in our demo video.
“Resolve’s Security Incident Response platform is a powerful solution that directly complements Splunk to greatly increase agent productivity and accelerate the resolution of security-related incidents. By combining Splunk’s centrally positioned analytics-driven security platform with Resolve’s Incident Response Automation platform, we are thrilled to help security professionals around the world gather more context to detect threats quicker, execute guided processes more efficiently and deliver a more automated and rapid response against advanced attackers.” – Larry Lien, VP Product Management at Resolve Systems
Step 1: Access Splunkbase.
Step 2: Type “resolve” into the search bar.
Step 3: Select “Resolve Add-on for Adaptive Response” from the drop-down menu.
Step 4: Click “Login & Download”, enter your Splunk credentials, and begin downloading Resolve.
Resolve’s integration with Splunk doesn’t stop there. Check out additional capabilities below.