Optimizing your Splunk SOAR deployment with JupiterOne


You’ve probably already heard about our recent partnership announcement with Splunk. (Wait, you haven’t? Well, check it out here!)  

So by now, you should know that you can bring your JupiterOne data into your Splunk® Cloud Platform or Splunk® Enterprise deployment by downloading the new JupiterOne Add-on for Splunk, which powers the integration, and the JupiterOne App for Splunk, which provides a dashboard to visualize the results. Both the Add-On and App are available in Splunk’s app marketplace, Splunkbase™.

But that was just the beginning. JupiterOne and Splunk are building on their partnership to provide additional ways to help our joint customers combine structural elements (configurations and correlation with JupiterOne) and situational elements (events and activity with Splunk) to optimize their security operations. This time, JupiterOne has completed the integration with Splunk’s security orchestration, automation, and response (SOAR) system, Splunk® SOAR.

Visibility is everything in automation

Automation has revolutionized every major industry to allow teams to scale, companies to save, and revenues to grow.  But it would be a completely different story if instead of accelerating productivity, automation were to yield a faulty output over and over.

For automation to be relied on blindly by the organizations that invest in the technology, it needs to be programmed with precision to have complete visibility and understanding of everything it is doing on behalf of a human. Any mistake in the programming can severely affect the quality of the production. The same applies to automation in cybersecurity.

Splunk SOAR lets you orchestrate security workflows and automate tasks by delivering “instructions” to each tool you integrate it with. It is designed to make decisions for you based on programmed scenarios or “playbooks” that execute on actions like ingesting data and alerts from one tool, checking for specific indicators in the data, and triggering remediation actions on another tool. But if the data that it is relying on to trigger these behaviors isn’t thorough enough to ensure you have looked everywhere, then your level of confidence starts to quickly drop. That’s why you need JupiterOne.

Eliminating blind spots with complete cyber asset visibility

By adding JupiterOne as a step in your Splunk SOAR playbooks, you are extending the reach of your automated security investigations to include the depth and breadth of cyber asset visibility that you get with our platform. Leave no stone unturned by having Splunk SOAR automatically hunt for indicators across all your visible cyber asset data. That way, you can rest assured that Splunk SOAR will take thorough, automated actions based on the source of data.


The research JupiterOne conducted for the 2022 State of Cyber Assets Report (SCAR) found that the average security team is responsible for 165,633 cyber assets, including:

  • 28,872 cloud hosts
  • 12,407 network interfaces
  • 55 applications per human employee
  • 59,971 data assets (including 3,027 secrets)
  • 35,018 user assets

That means that without JupiterOne, you could be blind to about 165,633 assets. Your next security breach could be hiding in one of them.

JupiterOne collects more asset data than any other vendor on the market, going beyond endpoints, IP addresses, users, and devices, to also ingest and aggregate data from CSPs, SaaS apps, code repos, IAM policies, security controls, vulnerability findings, and more. It then correlates all of this data to uncover relationships between assets and generate new finds. With JupiterOne’s complete inventory of all your cyber assets, and additional context about them, you’re enabling your Splunk SOAR deployment to perform at its best.

Want to learn more? Check out the JupiterOne app for Splunk SOAR in Splunkbase or request a demo to speak with a JupiterOne representative today.

Splunk and Splunkbase are trademarks or registered trademarks of Splunk Inc. in the United States and other countries.

Ale Espinosa

Ale is JupiterOne’s VP of Product Marketing and Partnerships. With over 20 years of experience in high-tech marketing, including a decade in cybersecurity, Ale has navigated the alphabet soup of infosec acronyms throughout her career, including EDR/XDR, DFIR, SIEM, UEBA, SOAR, AI/ML, and now, CAASM.
