Rapid7 is excited to announce our new integration between InsightConnect and Splunk. With the new Rapid7 InsightConnect App for Splunk, users can now send alerts directly from their Splunk instance to a Rapid7 InsightConnect workflow—all automatically and without any user intervention.
What is InsightConnect?
InsightConnect is Rapid7’s Security Orchestration, Automation and Response (SOAR) solution that is purpose-built to accelerate your teams and tools through automation. This SOAR tool helps accelerate and streamline time-intensive processes to free up your team to tackle other challenges. InsightConnect does this by connecting your tools together so that each tool is used to its max potential, connecting the dots between them to better inform your security teams and enrich your data and security alerts. This leads to a major improvement in operational efficiency.
Getting started with the InsightConnect App for Splunk
Setup is quick and easy, and spending time manually analyzing Splunk logs will be a thing of the past with the new InsightConnect workflow integration. For example, this integration will allow you to send alerts directly from Splunk to an InsightConnect workflow and automatically enrich the information in alerts, such as alerts on SSH attempts. In addition, you will be able to take action automatically, such as blocking bad-actor IP addresses and creating Jira tickets directly from alerts for future follow-up.
In addition to our new Splunk offering, we are also releasing to InsightConnect customers a new version of the Splunk plugin, complete with improvements and fixes to fulfill all your workflow and automation needs. With this plugin, you can create saved searches on the fly, run saved or ad hoc searches, and create new events based on information gathered from an InsightConnect workflow.