Tufin-Splunk Phantom Integration
Tufin SecureTrack integrates with Splunk Phantom to provide SOC analysts with unified real-time network visibility and policy intelligence to accelerate incident response based on a rich set of real-time data, while using automated, playbook-driven response in Splunk Phantom.
With the joint Tufin-Splunk Phantom app, security analysts can:
Automatically gather critical network intelligence to provide communication path context to incident indicators
- Visualize network topology and application connectivity to allow investigators enhanced visibility to quickly and accurately assess the possible scope of an incident
- Automatically initiate, design and implement network access changes using playbooks and Tufin workflows (e.g. to contain potentially infected systems)
- Maintain compliance and adherence to established change control processes throughout the incident, with full auditability
To enable the integration, enable the integration through Splunk Phantom's UI.
Be the first to review this app