Siemplify™ today announced the introduction of its Splunk Query Engine for the company’s ThreatNexus™ end-to-end security operations platform. The new query engine enables security operations center (SOC) teams to upgrade the full scope of their security functionality, driving immediate productivity and security gains. It allows for centralized management, creation, control and scheduled execution of Splunk queries. The query engine creates an easily installed, comprehensive SOC solution layered upon an organization's Splunk deployment.
“Our customers with existing Splunk deployments are being challenged when asked to deliver security monitoring and incident response capabilities,” said Siemplify CEO Amos Stern. “While having a powerful data platform, they lack the capabilities to support a full security practice. By applying ThreatNexus to an existing Splunk deployment, security teams gain instant SOC and IR capabilities, from case management and visualization, to hunting, automation and reporting.”
The ThreatNexus Splunk Query Engine allows security operation centers to:
● Fuse Splunk log data with other security tools and data sources into a real-time, contextualized graph and achieve the full scope of ThreatNexus functionality.
● Centrally create, import and manage the execution of queries to support use-cases most relevant to the organization.
● Transform static log data from Splunk into actionable intelligence, driving increased ROI from legacy security investments in Splunk and other systems.
● Leverage existing Splunk deployments, with or without Splunk Enterprise Security.
The combination of integrated query capability with ThreatNexus case management, automation, investigation, reporting and integrated Threat Intelligence delivers a complete SOC solution out of the box.