Splunk's Phantom and ATP together give organizations the ability to orchestrate actions when an incident is generated in ATP. Out-of-the-box playbooks allow companies to quickly take action on potential attacks against their organization. Additional Symantec product integrations in Phantom give companies a one-stop solution to automate actions across an entire portfolio of products, from the endpoint through the network.
Register to download a fully-functional version of the Phantom Security Operations Platform with access to Symantec-specific automation and orchestration playbook.
The combination of Splunk and ATP lets organizations collect and store security-related data from multiple control points (email, network, endpoint) in a centralized location with the rest of the organization's data. It also lets them manage incidents generated by the ATP product line and automate actions through Splunk's Enterprise Security and Adaptive Response add-on module.
With the add-on Splunk apps for ATP and Security Analytics, companies can collect end-to-end forensic information from their endpoints using ATP and their network using Security Analytics.
Download the latest Symantec Apps for Splunk on Symantec Connect.
Leverage SEP Mobile integration with Splunk Enterprise Security. SEP Mobile incidents can be ingested into Splunk SIEM via a connector that feeds third-party SIEM systems with mobile security incidents. This allows SOC teams to take actions based on this information.