Achieve more with a single pane view of your security events, reporting, forensics, and incident investigations. By integrating Rapid7 InsightVM and InsightIDR with Splunk Enterprise, an industry-leading platform for operational intelligence, you can detect, investigate, and respond to security threats more quickly and effectively. Rapid7 solutions collect, contextualize, and analyze data from Splunk Enterprise, equipping you to better protect against increasingly deceptive and pervasive adversaries.
Rapid7 InsightVM is the only vulnerability assessment solution that analyzes risk across vulnerabilities, configurations, and controls with awareness of the threat landscape faced by modern networks.
Vulnerability data from InsightVM’s scanning activities feeds into Splunk software so you can create alerts, raise alarms, or take other operational actions when attacks are happening on assets affected by vulnerabilities. This provides more insight into the current risk state of an organization’s infrastructure.
Rapid7 InsightIDR detects and investigates indicators of user compromise across your endpoints to your cloud services, so you don’t miss any attacks—including those attempted by intruders hiding behind stolen credentials (today’s most common attack tactic).
You can feed data from Splunk Enterprise into InsightIDR to detect and investigate compromised user accounts and malware, and gain direct visibility into their endpoints. The combination gives you multiple visualization and investigation options, while providing defense-in-depth with pre-built user and Attacker Behavior Analytics (ABA) and deception technology.
Figure 1: Rapid7 Dashboard for Splunk Enterprise
The Rapid7 Technology Add-On for Splunk complies with the Common Information Model (CIM), opening up Rapid7 security data and analytics to any other CIM-compliant application. CIM is an open standard that defines how managed IT systems are represented as a common set of objects and the relationships between them. This is intended to allow consistent maintenance of these managed elements, independent of their manufacturers or providers.
Simply download the Rapid7 Splunk Technology Add-On to integrate Splunk Enterprise with Rapid7 InsightVM and InsightIDR.
*All mentions of Rapid7 InsightVM associated with its integration with Splunk Enterprise also apply to Rapid7 Nexpose.
Download this Integration OverviewDownload PDF
Take this integration for a spin and experience the full functionality of InsightVM and InsightIDR for 30 days.Try Now
Please contact Rapid7 for support or assistance at +1.866.380.8113, or view all of our support options.Get Support