Dragos Apps and Integrations for Splunk
The Dragos apps integrate different Dragos solutions into Splunk to provide users with improved visibility and process efficiency resulting in more secured industrial operations.
Dragos ICS Threat Intelligence App for Splunk
Overview: The Dragos Threat Intelligence App for Splunk enables users to automatically correlate and visualize Indicators of Compromise (IOCs) from their Dragos WorldView Threat Intelligence subscription with log data collected and contained within Splunk. This enables defenders to easily detect known malicious activities in incoming and outgoing traffic, domains, and applications. A set of customizable dashboards provide search results for log data compliant with the Splunk Common Information Model (CIM).
How it Works: Incorporating the Dragos OT-focused threat intelligence data into the Dragos Threat Intelligence App for Splunk improves visibility, reduces monitor fatigue and context switching, and speeds incident response. View IOCs directly in Splunk dashboards with a simple installation.
How to Access: Access to the Dragos Threat Intelligence App for Splunk requires both a Splunk subscription and a Dragos Threat Intelligence Subscription. No additional licenses are needed.
Dragos ICS Threat Detection App for Splunk
Overview: The Dragos ICS Threat Detection App for Splunk empowers users with the power of the Dragos Platform for ICS/OT asset visibility and threat detection to provide a unified view of threats and events across the converged IT and industrial OT environment. Notifications from Dragos Platform are shared with Splunk into the app where they can be categorized by their associated four detection quadrant, type and alert severity delivering a familiar and consistent user experience.
How it Works: The Dragos ICS Threat Detection App for Splunk integrates the Dragos Platform technology for Industrial Control Systems (ICS) security with Splunk. The Dragos Platform provides passive ICS network monitoring which produces improved asset identification & mapping, proactive anomaly & threat behavior detection, and threat response & recovery capabilities. It provides cyber defenders at industrial organizations with a unified view of threats and events across the converged enterprise IT and industrial OT (operational technology) environment. Threats detected on OT networks via the Dragos Platform can now be easily integrated into Splunk deployments and visualized via the four types of detection dashboard, further enabling a more comprehensive response.
How to Access: Access to the Dragos ICS Threat Detection app requires both a Splunk subscription and the Dragos Platform. No additional licenses are needed.
Dragos Add-On for Splunk
Overview: The Dragos Add-On for Splunk enables users to ingest data from supported Dragos products, including Dragos Platform, Dragos WorldView Threat Intelligence, and others. You can consume the data using other Dragos Apps for Splunk and any App you create for your security or IT requirements. This add-on supports all Dragos Apps for Splunk and provides CIM-compatible inputs for other Spunk Enterprise Apps.
How it Works: The Dragos Splunk Add-On provides the necessary logic to read and store Worldview IOCs in a Splunk key value store or index. Splunk users can craft custom queries themselves or leverage the Dragos Threat Intelligence App for Splunk. This expands the ICS cybersecurity ecosystem to ensure critical infrastructure and industrial organizations are equipped with enhanced threat visibility and better analytics, resulting in better protection of their OT environments – regardless of where an adversary may attack. It enables more effective SOC functions – more effective threat hunts, and the ability to resolve incidents more quickly – for organizations concerned about ICS cybersecurity.
How to Access: Access to the Dragos Add-On requires a Splunk subscription and the Dragos Platform OR Dragos Worldview. No additional licenses are required.