Splunk App Integration Overview
The integration of SentinelOne and Splunk empowers organizations to combine the strengths of their Splunk deployments to collect, monitor, analyze and visualize massive streams of machine data, with the visibility, detection, response, remediation and forensics capabilities of SentinelOne. SentinelOne offers deep integration with Splunk, enabling joint customers to maximize the value of their SIEM and EDR investments.
How Does it Work?
With the SentinelOne Technology Add-on (TA) for Splunk, clients can take advantage of a prebuilt ingestion pipeline that includes parsing of syslog events, mapping to Splunk Common Information Models (CIM), and saved searches.
With the SentinelOne App for Splunk, clients can easily perform endpoint triage and response from within the Splunk console. The app provides rich capabilities for viewing endpoint and threat information at a glance and once a threat has been confirmed, Adaptive Response Actions in Splunk can automatically trigger a response in SentinelOne. The combined solution provides SOC teams with unparalleled visibility and context. An integrated workflow to respond to threats with consistency and reduce mean time to response (MTTR).