Splunk Security integration with Incident Response

Splunk Security provides monitoring and troubleshooting for your applications. Your detector monitors and triggers alerts based on conditions you define in rules, and Incident Response ensures that the right people are working on those alerts.

What does Lightstep Incident Response offer Splunk Security users?

Alerts in Splunk Security trigger alerts in Incident Response. You can add Splunk Security as a new service or attach its alert remediation capabilities to an existing service.

Incident Response acts as a handler for these alerts and determines the right people to notify based on escalation policies, previously provided points of contact, and on-call schedules. Users are notified based on their notification preferences. Alerts are escalated until they are acknowledged or closed.

Functionality of the integration

When an alert is triggered in Splunk Security, Lightstep Incident Response receives the event data from Splunk Security in the form of a JSON payload, and an alert is created in Incident Response.
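The two steps described above (a JSON payload arriving from Splunk Security and being turned into an alert, then that alert being escalated through an escalation policy and notification preferences until it is acknowledged or closed) can be sketched as a small receiver. The code below is an added illustration, not Lightstep's or Splunk's own code, and the payload field names, the escalation policy, the on-call users and their notification channels are all constructed assumptions for the example rather than the documented schema. It validates the incoming JSON, deduplicates on an event ID so a re-sent webhook does not page twice, and stops escalating as soon as the alert leaves the open state.

```python
import json
from dataclasses import dataclass, field

# Constructed sample payload. The field names are assumptions for this example,
# not the documented Splunk Security or Incident Response schema.
SAMPLE_PAYLOAD = json.dumps({
    "event_id": "evt-123",
    "detector": "High error rate on checkout",
    "severity": "critical",
    "status": "triggered",
    "description": "5xx rate above 5% for 10 minutes",
})

REQUIRED_FIELDS = ("event_id", "detector", "severity", "status")

# Hypothetical escalation policy: ordered levels, each naming who is on call.
ESCALATION_POLICY = [
    {"level": 0, "on_call": ["alice"]},
    {"level": 1, "on_call": ["bob"]},
    {"level": 2, "on_call": ["oncall-manager"]},
]

# Hypothetical per-user notification preferences.
NOTIFICATION_PREFS = {"alice": "sms", "bob": "push", "oncall-manager": "email"}


@dataclass
class Alert:
    event_id: str
    title: str
    severity: str
    status: str  # "open", "acknowledged" or "closed"
    escalation_level: int = 0
    notified: list = field(default_factory=list)


def parse_payload(raw: str) -> dict:
    """Parse and validate the incoming JSON; reject malformed or incomplete payloads."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"payload is not valid JSON: {exc}") from exc
    if not isinstance(data, dict):
        raise ValueError("payload must be a JSON object")
    missing = [name for name in REQUIRED_FIELDS if name not in data]
    if missing:
        raise ValueError(f"payload missing required fields: {missing}")
    return data


def payload_rejected(raw: str) -> bool:
    """True when the receiver would drop this payload instead of creating an alert."""
    try:
        parse_payload(raw)
    except ValueError:
        return True
    return False


def create_alert(raw: str, store: dict) -> Alert:
    """Turn a payload into an alert, deduplicating on event_id so a redelivered
    webhook returns the existing alert rather than paging the on-call again."""
    data = parse_payload(raw)
    if data["event_id"] in store:
        return store[data["event_id"]]
    alert = Alert(event_id=data["event_id"], title=data["detector"],
                  severity=data["severity"], status="open")
    store[alert.event_id] = alert
    return alert


def escalate(alert: Alert, policy=ESCALATION_POLICY, prefs=NOTIFICATION_PREFS) -> list:
    """Notify the next escalation level and return (user, channel) pairs.
    Returns an empty list once the alert is acknowledged or closed, or when
    every level of the policy has already been paged."""
    if alert.status != "open" or alert.escalation_level >= len(policy):
        return []
    level = policy[alert.escalation_level]
    notified = [(user, prefs.get(user, "email")) for user in level["on_call"]]
    alert.notified.extend(notified)
    alert.escalation_level += 1
    return notified


def acknowledge(alert: Alert) -> None:
    """Acknowledging an open alert stops further escalation."""
    if alert.status == "open":
        alert.status = "acknowledged"


if __name__ == "__main__":
    store = {}
    alert = create_alert(SAMPLE_PAYLOAD, store)
    print("created:", alert.title, alert.severity)
    print("level 0 paged:", escalate(alert))
    print("level 1 paged:", escalate(alert))
    acknowledge(alert)
    print("after ack:", escalate(alert), alert.status)
```

In a real deployment the receiver would also authenticate the webhook (for example, a shared secret or signature on the request) before trusting the payload; that check is outside what this page describes and is not shown here.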