Reducing Incident Response Times with Splunk Adaptive Response

Mar 07th 2019

Typical enterprise security architectures involve tools and products from multiple vendors. An unfortunate reality is that these tools and products are not designed to work together out of the box. The Splunk Adaptive Response Framework addresses this challenge by connecting these products through pre-configured actions. Security teams using the VMRay Add-On for Splunk can leverage these pre-configured actions to reduce response times during an investigation.

In the short video below, we demonstrate a common scenario in which Splunk Enterprise Security receives a notification about a suspicious email containing a URL and an attached file. The security team performs a number of pre-configured Adaptive Response actions, such as detonating the URL and looking up the hash of the attached file in VMRay Analyzer. We show how to automatically send the URL and the attached file to VMRay Analyzer for analysis, and which actions can be taken once the analysis results are imported back into Splunk Enterprise Security.