Lansweeper’s integration with Splunk SIEM gives IT security teams immediate access to all the data they need to pinpoint a security threat and identify the devices and users that are impacted.
Lansweeper automatically and continuously discovers IT assets across the IT infrastructure (servers, laptops, desktops, virtual machines, operating systems, software and other assets deployed on your network) to create an always-accurate, up-to-date IT asset inventory with detailed and granular IT asset data. Splunk SIEM users who leverage the Lansweeper Add-on for Splunk can access Lansweeper data instantly, right within Splunk SIEM, without having to chase down the information via phone calls, emails or IMs. They simply query Lansweeper using the IP or MAC address associated with the device in question, and the alert is quickly and automatically enriched with contextual data, accelerating incident response.
The Splunk/Lansweeper integration helps SOC teams optimize operations and respond to threats much faster, with confidence and efficiency. Less time spent investigating security incidents means less risk, less frustration, and more time to work on solving problems.
Key Integration Features
This app can be used to bring IP/MAC-related information from Lansweeper into Splunk, using either CIM-mapped fields or fields from indexed events.
Added a correlation search and integrated it with the workflow actions to create notable events and find asset data from CIM-compliant Splunk events
Added Investigation Dashboards
Added a workflow action that navigates to the Investigation Dashboards when the field is clicked