With the new Rapid7 InsightConnect App for Splunk, users can now send alerts directly from their Splunk instance to a Rapid7 InsightConnect workflow—all automatically and without any user intervention.
Spending time manually analyzing Splunk logs will be a thing of the past. This integration allows you to send alerts directly from Splunk to an InsightConnect workflow and automatically enrich alerts, such as SSH attempts, with information. In addition, you will be able to take action automatically, such as blocking bad-actor IP addresses and creating Jira tickets directly from alerts for future follow-up.
In addition to our new Splunk offering, we are also releasing to InsightConnect customers a new version of the Splunk plugin, complete with improvements and fixes to fulfill all your workflow and automation needs. With this plugin, you can create saved searches on the fly, run saved or ad hoc searches, and create new events based on information gathered from an InsightConnect workflow.
How it works
Our help documentation walks you through setting up workflows with API triggers in Splunk and connecting it to InsightConnect workflows.