INTEGRATION:

Ansible and Splunk

Automate Security Processes

Splunk Enterprise Security (ES) is a Security Information and Event Management (SIEM) solution that enables security professionals to identify, prioritize and manage security events as part of their investigation and response activities. Red Hat Ansible Automation Platform helps organizations better assess risks, remediate issues and develop compliance workflows through specialised modules to integrate and orchestrate security tasks and processes. These capabilities are designed to enable security analysts and operators to innovate, integrating their existing portfolio of security technologies through Red Hat Ansible Automation.

 

Ansible and Splunk ES, Integrated

Ansible is the open, agentless and powerful language security teams can use to interoperate across the various security technologies involved in their day-to-day activities.

Ansible modules allow users to integrate Splunk ES in sophisticated security workflows through the automation of the following functionalities:

  • Manage Splunk Data Inputs (Monitor, TCP, UDP)
  • Manage Notable Event Adaptive Responses
  • Retrieve information and manage Correlation Searches

 

Solution Benefits

  • Automate Splunk ES configuration
  • Access data sources programmatically to support investigation activities
  • Create, enable and disable Correlation Searches through workflows for incident prioritisation
  • Operate on Notable Events, for example by changing their severity, ownership, investigation profiles, etc.

The Splunk Enterprise Security Ansible collections, available on Automation Hub, contain both modules and plugins to support response and remediation scenarios. The modules are also designed to accommodate multiple use cases, such as day 0, when you want to deploy a certain technology and subsequently connect it to Splunk Enterprise Security.

Get Started


Explore the Community Ansible Collection for Splunk Enterprise Security

Download the Supported Ansible Collection for Splunk Enterprise Security (Ansible subscription required)

Contact us for an integration automation demo.
