Resolve and Splunk form a powerful combination to detect, investigate, and remediate enterprise security and IT incidents

Resolve uses a distinctive incident resolution approach that combines a standardized incident response process, step-by-step instructions and machine-assisted decision support with interactive automations as part of the incident investigation and remediation process. Support and Security Analysts can execute human-guided automations as part of that process to reach resolution.

Splunk Integration with Resolve Systems

Collect and Index Data

Collect and index log, machine, and security data for IT Operations and Security teams

Incident Validation Automation

Automate the validation of IT and Security incidents to focus resources on real incidents and threats

Correlate and Analyze

Find patterns between events and big data about outages and security threats

Interactive Diagnostics Dashboard

Consolidate the presentation of complex diagnostic results to help agents streamline the process

Visualize and Report

Create dashboards to visualize trends and characteristics

Accelerated Incident Resolution

Human-guided automation and interactive decision trees allow agents to rapidly resolve complex IT and security incidents

Optimize the Value of Splunk Data with an Incident Resolution Platform

Resolve + Splunk for Security

Resolve + Splunk for IT Operations

Resolve acts on your SIEM data and delivers intelligent incident response and automation to maximize the value of Splunk Security intelligence. Our incident resolution approach couples detection and remediation automation with human processes. Workflow orchestration helps teams coordinate the execution of activities more efficiently, while process guidance and playbooks detail how to carry out specific incident response activities.

Intelligent orchestration of the security response process, with step-by-step instructions and machine-assisted decision support, accelerates incident resolution and optimizes security resources.

Give analysts the option to run automations at defined points in the incident response journey without direct access to the underlying systems. End-to-end automations can be used for hands-free diagnostics or resolution.

Improve collaboration and cross-functional capabilities by using automations to eliminate inter-department requests, allowing security agents to verify and gather critical data directly within seconds.

Enable Splunk ITSI operators to accelerate the resolution of events through process guidance, step-by-step procedures and interactive automations. An incident resolution dashboard provides a contextual, single view of the incident remediation process along with validation and diagnostic results. Intelligent decision trees and human-guided automation increase first-response resolution and eliminate the need to escalate.

Keep agents focused and productive by eliminating false and transient alarms through intelligent validation automation.

Empower agents with an incident resolution dashboard where they can quickly and easily view results of automated validation and diagnostic tests.

Provide agents with easy-to-follow troubleshooting actions through decision trees and interactive process guidance. Human-guided automations can resolve incidents without providing direct access to critical systems.

Sample Use Cases

Security Operations

| Splunk Use Cases | Resolve Actions |
| --- | --- |
| Detect and Investigate Malware | Act Against Affected Host, Isolate Host and Network Traffic |
| Detect and Stop Data Exfiltration | Block Data Transfer, Disable Compromised User Account, Reset Password |
| Privileged User Monitoring | Investigate User Source, Disable Compromised Account, Reset Password |
| Using DNS Data to Identify Patient Zero Malware | Act Against Affected Host, Isolate Host and Network Traffic |
| Zero-Day Attacks | Act Against Affected Host, Isolate Host and Traffic |
| Fraud: Detect Account Takeovers | Validate, Investigate, Disable Compromised Account, Reset Password |
| Compliance: Detect When a Critical System Stops Sending Logs to Splunk | Check State of Logging Service, Restart Service, Escalate if Automated Triage Unsuccessful |

IT Operations

| Splunk Detection | Resolve Actions |
| --- | --- |
| Service Down | Check for service running, restart service |
| Server Restart | Check for systems availability, connect, issue restart, validate restart |
| Link Down | Execute device-specific commands, restart if necessary |
| Disk Space | Check for large files, specific file extensions, locations, remove file |
| Thread Count | Identify PID, Kill, Restart |
| Circuit Down | Execute device-specific commands, restart if necessary |

NOTE: For all ITSI events, Resolve validates the alert, creates and/or updates incidents, and updates the event.

Accelerate Incident Response and Automation Today.

Additional Resources with Splunk and Resolve Systems