
Dragos Apps and Integrations for Splunk

The Dragos Apps integrate different Dragos solutions into Splunk to give users improved visibility and process efficiency, resulting in more secure industrial operations.


Dragos OT Add-On for Splunk

Screenshot from Dragos OT Add-On for Splunk

Overview: The Dragos OT Add-On, together with Splunk's OT Security Add-on, bridges the IT/OT divide by bringing OT cybersecurity data from the Dragos Platform into Splunk Enterprise Security. The integration brings a set of Dragos Platform capabilities into Splunk: asset discovery, threat detection, and vulnerability management for OT environments, plus the data needed for effective incident response.

The App gives users in-depth, context-rich ICS/OT asset visibility: within Splunk they can analyze multiple Dragos Platform data sources, including protocols, network traffic, data historians, host logs, asset characterizations, and anomalies, to build a complete picture of the ICS/OT environment.

How it Works: The Dragos OT Add-On app connects to the Dragos Platform and makes Dragos OT cybersecurity data available inside Splunk Enterprise Security. You can then use the raw data to build searches and dashboards that suit your organization. The combined IT/OT view gives security teams the visibility, detection, and response capability to prioritize analysis and response activities appropriately.

How to Access: To take full advantage of Splunk's OT capabilities, it is recommended to install both Splunk Enterprise Security and the Splunk OT Security Add-on alongside the Dragos Platform deployment.

Dragos ICS Threat Detection App for Splunk

Screenshot from Dragos ICS Threat Detection App for Splunk

Overview: The Dragos ICS Threat Detection App for Splunk delivers Dragos Platform asset alerts to ICS/OT cybersecurity teams, providing a unified view of threats and vulnerabilities in OT environments. Notifications from the Dragos Platform are forwarded to Splunk, where they can be categorized by detection type and severity so that teams can prioritize what matters most.

How it Works: The Dragos ICS Threat Detection App brings the four alert types from the Dragos Platform into Splunk. Threats detected on OT networks by the Dragos Platform can thus be integrated into existing Splunk deployments and visualized in a threat detection dashboard, giving a more comprehensive view.

How to Access: Access to the Dragos ICS Threat Detection app requires both a Splunk subscription and the Dragos Platform deployment. No additional licenses are needed.

Note: The Dragos Add-On for Splunk (described below) must be installed before this app.

Dragos Threat Intelligence App for Splunk 


Overview: The Dragos Threat Intelligence App for Splunk automatically correlates and visualizes Indicators of Compromise (IOCs) from a Dragos WorldView Threat Intelligence subscription against log data already indexed in Splunk. This lets defenders detect known malicious activity in inbound and outbound traffic, domains, and applications. A set of customizable dashboards presents search results over log data that is compliant with the Splunk Common Information Model (CIM).

How it Works: The Dragos Threat Intelligence App for Splunk incorporates Dragos's OT-focused threat intelligence into Splunk, improving visibility, reducing monitoring fatigue and context switching, and streamlining incident response. After a simple installation, IOCs can be viewed directly in Splunk dashboards.
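As an added illustration of what "correlating IOCs with CIM-compliant log data" means in practice (this is example SPL written for this page, not code from the Dragos app), the search below takes destination IPs from the CIM Network_Traffic data model and matches them against a lookup of WorldView indicators. The lookup name dragos_worldview_iocs and its fields ioc_value, ioc_type and ioc_description are assumptions for the example; the app's real lookup and field names are not given on this page.

```spl
| tstats summariesonly=true count AS hits
        min(_time) AS first_seen max(_time) AS last_seen
    FROM datamodel=Network_Traffic.All_Traffic
    WHERE earliest=-24h latest=now
    BY All_Traffic.src_ip All_Traffic.dest_ip All_Traffic.dest_port
| rename All_Traffic.* AS *
| lookup dragos_worldview_iocs ioc_value AS dest_ip OUTPUT ioc_type ioc_description
| where isnotnull(ioc_type)
| eval first_seen=strftime(first_seen, "%Y-%m-%d %H:%M:%S"),
       last_seen=strftime(last_seen, "%Y-%m-%d %H:%M:%S")
| table first_seen last_seen src_ip dest_ip dest_port hits ioc_type ioc_description
| sort - hits
```

Because the search runs against the data model rather than a particular sourcetype, it works for any firewall, proxy or flow source whose add-on is CIM-compliant, which is the point of the CIM requirement in the overview. `summariesonly=true` reads only accelerated summaries and should be dropped if the Network_Traffic data model is not accelerated; the same pattern applies to domain IOCs by querying the Network_Resolution data model and matching the lookup against DNS.query instead of dest_ip.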

How to Access: Access to the Dragos Threat Intelligence App for Splunk requires both a Splunk subscription and a Dragos WorldView Threat Intelligence subscription. No additional licenses are needed.

Note: The Dragos Add-On for Splunk (described below) must be installed before this app.

Dragos Add-On for Splunk

Note: This Add-on must be installed before the Dragos ICS Threat Detection App and the Dragos Threat Intelligence App; both depend on it.

How to Access: Access to the Dragos Add-On requires a Splunk subscription and either the Dragos Platform or Dragos WorldView. No additional licenses are required.

Dragos Apps for Splunk

The comparison covers four components: the Legacy Add-on, the Threat Detection App, the Threat Intelligence App, and the New OT Add-on. Each X marks one component that provides the capability.

Capability                               Provided by
Asset Inventory                          X
Asset Visibility                         X
Asset Zones                              X
Asset Investigator                       X
Visibility of Alerts                     X X
Alerts (4 Types)                         X X
WorldView IOC API                        X
Visualization of IOCs                    X X
Vulnerability Management                 X
Maps Dragos Data to Splunk Data Model    X X

Requirements per component:
Legacy Add-on: Dragos Platform, Splunk
Threat Detection: Dragos Platform, Splunk, Legacy Add-on
Threat Intelligence: Dragos WorldView, Splunk, Legacy Add-on
New OT Add-on: Dragos Platform, Splunk Enterprise Security

Learn how to better protect your ICS environment with Dragos and Splunk.