Automate security processes with Red Hat and Splunk

Integrate and orchestrate security tasks and processes with Red Hat® Ansible® Automation Platform and Splunk.

Overview



Splunk Enterprise Security (ES) is a Security Information and Event Management (SIEM) solution that allows security professionals to identify, prioritize, and manage security events as part of their investigation enrichment and response activities. Ansible Automation Platform helps organizations better assess risks, remediate issues, and develop compliance workflows through specialized modules to integrate and orchestrate security tasks and processes.


New: Red Hat and Splunk collaborate for automated action on Splunk ITSI and observability alerts. Learn the technical details here.


Benefit from integration with Splunk ES

Ansible Automation Platform modules allow users to integrate Splunk ES in sophisticated security workflows through the automation of the following functionalities:

  • Manage Splunk data inputs and monitor transmission control protocol (TCP) and user datagram protocol (UDP).
  • Manage notable event adaptive responses.
  • Retrieve information and manage correlation searches.

Support incident response and remediation scenarios

The Splunk Enterprise Security Ansible collections, available on Ansible automation hub, contain both modules and plug-ins to support response and remediation scenarios. The modules also accommodate multiple use cases, such as Day 0 when you want to deploy a certain technology and subsequently connect it to Splunk Enterprise Security.

Automate day-to-day security activities

Ansible Automation Platform allows teams to orchestrate repeatable processes for various security technologies involved in day-to-day activities. The agentless and straightforward automation process establishes a robust, more efficient, enterprise-wide IT foundation that’s ready to scale with a security focus. With Ansible Automation Platform, security teams can:

  • Automate Splunk ES configuration.
  • Access data sources programmatically to support investigation activities.
  • Create correlation searches, and turn them on or off through workflows for incident prioritization.
  • Operate on notable events to change severity, ownership, and investigation profiles.

Get started with Ansible Automation Platform

A foundation for implementing enterprise-wide automation.

Collections

Collections are a distribution format for Ansible content that can include playbooks, roles, modules, and plugins. You can install and access the certified collections through the Red Hat Ansible Automation Hub in the Hybrid Cloud Console.
