Lansweeper Add On For Splunk

While Splunk SOAR automates and streamlines orchestration to accelerate remediation, security teams still need to gather information about an event or incident before initiating the response. Questions they must answer include:

- What devices are impacted?
- Where are the devices located?
- Who's using those devices?
- What OS and software are the devices running?
- Is there a software vulnerability on the device?
- What information is contained on the device, and is it sensitive or confidential information?

Knowing the answers to these questions helps to pinpoint the threat and its potential impact, and prioritize the next actions. Alerts don't typically come with this information, however, even though all of it is essential for accelerating response time and stopping an attack. While teams spend time hunting down IT asset data, the attack could be spreading rapidly, causing massive damage. Threat investigations and responses are performed faster and at scale across complex or expansive IT infrastructures when IT asset enrichment data is instantly available within the SOAR solution.

This Splunk app integrates with Lansweeper to perform investigative actions:

1. test connectivity: Validate the asset configuration for connectivity using supplied configuration
2. list authorized sites: Retrieve authorized sites from Lansweeper with their ID(s) and names
3. hunt ip: Fetch the details of the asset from the Lansweeper platform for the given site ID and IP address
4. hunt mac: Fetch the details of the asset from the Lansweeper platform for the given site ID and MAC address

Contact us at [email protected] if you have questions

Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2
CIM Version: 5.x
Rating

0

(0)

Categories

Created By

Cassandra Lloyd

Type

addon

Downloads

537

Resources
