Dragos and Splunk have teamed to provide customers with a converged view of log data collected from both IT and OT networks. Security teams at industrial organizations can view ICS-focused datasets alongside the enterprise IT datasets collected in Splunk, providing analysts with improved overarching situational awareness and decision-making support.
This partnership expands the ICS cybersecurity ecosystem to ensure critical infrastructure and industrial organizations are better prepared with better visibility and better analytics – and are better able to protect their OT environments, regardless of where an adversary may attack. It will enable more effective SOC function – more effective threat hunts, ability to resolve incidents more quickly – for organizations concerned about ICS cybersecurity.
Together, Dragos and Splunk are providing ICS / OT focused cyber defenders with better tools, better visibility, better expertise – and ultimately, better outcomes.
Dragos ICS Threat Detection app for Splunk
The Dragos ICS Threat Detection app for Splunk delivers a converged view of log data collected from both IT and OT networks – enabling analysts with improved overarching situational awareness and decision-making support.
Learn more about how the Dragos ICS Threat Detection app for Splunk helps expand your cyber defenses.
Learn how to better protect your ICS environment with Dragos and Splunk.
Connect with Splunk
Frequently Asked Questions
What are we announcing?
Dragos is excited to launch the Dragos ICS Threat Detection app for Splunk. This app, now available from Splunkbase, integrates the Dragos Platform technology for Industrial Control Systems (ICS) security with Splunk. The Dragos Platform provides passive ICS network monitoring which produces improved asset identification & mapping, proactive anomaly & threat behavior detection, and threat response & recovery capabilities.
It provides cyber defenders at industrial organizations with a unified view of threats and events across the converged enterprise IT and industrial OT (operational technology) environment. Threats detected on OT networks via the Dragos Platform can now be easily integrated into Splunk deployments and visualized via the four types of detection dashboard, further enabling a more comprehensive response.
Learn more in our Dragos ICS Threat Detection app for Splunk release blog.
Splunk Inc. helps organizations ask questions, get answers, take actions and achieve business outcomes from their data. Organizations use market-leading Splunk solutions with machine learning to monitor, investigate and act on all forms of business, IT, security, and Internet of Things data. Join millions of passionate users and try Splunk for free today.
When is the app available?
Now. The Dragos ICS Threat Detection app for Splunk was released on 2019-Jul-23. You can download it from Splunkbase athttps://splunkbase.splunk.com/app/4601/.
What does the app provide?
This initial release of the Dragos ICS Threat Detection app for Splunk enables users to view and triage notifications produced by the Dragos Platform, and interact with the Splunk CIM to provide compatibility with native Splunk functionality.
This means that threats detected on OT networks via the Dragos Platform can now be easily integrated into Splunk deployments and visualized via the four types of detection dashboard further enabling a more comprehensive response.
Who is eligible for access? How much does it cost?
Access to the Dragos ICS Threat Detection app requires both a Splunk subscription and a Dragos Platform to function. No additional licenses are needed.