
Lansweeper SIEM/SOAR Integrations: Enriched Alerts and Streamlined Workflows Optimize Incident Response

13/10/2022
By Lucia Dochita

When your network is jeopardized by a security event or system failure, every second counts. One hour of downtime costs organizations at least $1 million, and businesses lost $6 trillion to ransomware attacks and other cybersecurity events in 2021 alone. Meanwhile, cybersecurity professionals are hard to come by, and device proliferation resulting from digital transformation and hybrid workplace initiatives means there’s an ever-expanding cyber asset attack surface to protect with more technology assets than ever to monitor and manage.

IT teams rely heavily on Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms for the information they need to identify and act on IT issues and potential threats. While these tools are helpful, they’re not always thorough. They often provide minimal information – such as a MAC or IP address for an infected or damaged device – and little else. As a result, network operations teams must conduct lengthy investigations in order to pinpoint impacted devices, software and users, so they can triage the damage. These investigations are manual and time-consuming, and they delay remediation while preventing IT teams from focusing on more strategic tasks.

When SIEM and SOAR tools have access to an always-accurate inventory of technology assets across an organization, the process of identifying and remediating network issues and security events is greatly simplified and accelerated, saving organizations time, money and reputational damage. IT teams can use this information to proactively protect the infrastructure by identifying assets in need of upgrades and automatically rolling out critical software updates. 

Lansweeper integrates seamlessly with leading SIEM and SOAR tools, including Splunk ES, Palo Alto Cortex XSOAR, IBM QRadar, Microsoft Sentinel and Splunk SOAR, providing complete and accurate technology asset data automatically to enrich alerts and enable swift incident remediation. Let’s examine each of these integrations in detail.


Lansweeper for SIEM: Enriched Alerts Facilitate Rapid Action

SIEM tools are adept at triggering alerts when they spot anomalies or threats, so IT security teams can jump into action. However, as organizations continue to expand their IT infrastructure and the number of security incidents continues to increase, IT teams are finding it hard to keep up. Since enriching alerts is manual and tedious, security professionals spend the majority of their time focused on what they perceive to be high-priority events, which increases the risk of a serious threat slipping by undetected. According to IDC’s EDR and XDR 2020 Survey, 17% of alerts aren’t investigated, even though IT security teams spend hundreds of hours per week on investigations.

“With Lansweeper data delivered automatically along with alerts, users save time and effort while gaining the insights they need to rapidly isolate affected assets, accelerate remediation and minimize potential damage.”

– Cassandra Lloyd, Director Technology Alliances at Lansweeper

The following SIEM solutions offer tight integrations with Lansweeper to address these problems:

Lansweeper + IBM Security QRadar

IBM’s SIEM solution, QRadar, enables IT security teams to detect, prioritize and respond to security threats. It automatically analyzes and aggregates data across thousands of devices, apps and endpoints and triggers alerts. A key capability is “offense” investigation, which enables teams to determine the root cause of a network event. 

The Lansweeper App for QRadar enriches “offense” notes with contextual data about users, assets and vulnerabilities that can be analyzed holistically for insights to enhance network security event and activity monitoring, and to simplify compliance reporting. Using the IP or MAC address, the App fetches Lansweeper data and populates the SIEM alerts, providing context right within QRadar and eliminating the need to hunt the information down. The Lansweeper App for QRadar is available on the IBM Security App Exchange.

Lansweeper + Microsoft Sentinel

A leader in the Q4 2020 Forrester Wave™ for Security Analytics Platform Providers, Microsoft Sentinel is a cloud-based service that’s fast and simple to set up and use, and scales along with an organization’s changing security requirements without additional infrastructure costs. Microsoft’s Azure Logic App seamlessly connects Sentinel with Lansweeper, enabling users to automatically receive enriched alerts and contextualized IT asset data, to simplify and accelerate event investigation and response. Using Sentinel, security teams can develop playbooks for executing remediation actions in case of a security event. These playbooks can be used to orchestrate responses, isolate infected machines, and block accounts until the SOC has time to analyze the threat.

Splunk ES

Splunk’s market-leading SIEM solution arms IT security teams with actionable intelligence and advanced analytics, and provides visibility across multicloud and on-premises deployments. It correlates activities across these environments into a single pane of glass, to accelerate event investigations and response. Capabilities include event sequencing, risk-based alerting, and customizable dashboards and visualizations. Through the Lansweeper Add-on for Splunk, data from Lansweeper flows seamlessly into Splunk ES to enrich alerts with contextual data, eliminating manual threat hunting, speeding remediation and reducing risk. 
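The enrichment step that both the QRadar app and the Splunk add-on perform, keying an alert's bare IP or MAC address to an inventory record, looks roughly like the following. This is an added illustration, not Lansweeper's own app code: the inventory records, the alert, and the field names (`src_ip`, `src_mac`, `asset_context`, `needs_follow_up`) are constructed assumptions.

```python
"""Enrich a SIEM alert that carries only an IP or MAC address with asset
inventory context (owner, OS, software, open vulnerabilities). Added
illustration, not Lansweeper's code: records and field names are assumed."""
import re

# Constructed asset records; the field names are this example's assumption.
INVENTORY = [
    {"asset": "FIN-LAPTOP-07", "ip": "10.1.4.23", "mac": "3C:5A:B4:12:9F:01",
     "os": "Windows 11 22H2", "owner": "j.doe",
     "software": ["Office 365", "7-Zip 21.07"], "vulns": ["VULN-PLACEHOLDER-1"]},
    {"asset": "OPS-PRINTER-02", "ip": "10.1.4.40", "mac": "00:1B:A9:7C:22:E4",
     "os": "Embedded", "owner": "facilities", "software": [], "vulns": []},
]


def normalize_mac(mac: str) -> str:
    """Canonicalise 'aa-bb-..', 'aabb.ccdd.eeff' or 'AA:BB:..' to upper-case colon form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).upper()


def build_index(inventory):
    """Index records by IP and by canonical MAC so each alert is one lookup."""
    by_ip = {rec["ip"]: rec for rec in inventory}
    by_mac = {normalize_mac(rec["mac"]): rec for rec in inventory}
    return by_ip, by_mac


def enrich_alert(alert: dict, inventory=INVENTORY) -> dict:
    """Return a copy of the alert with asset context attached. MAC is tried first
    because DHCP moves IPs between hosts; an unmatched alert is flagged, not dropped."""
    by_ip, by_mac = build_index(inventory)
    rec = None
    if alert.get("src_mac"):
        rec = by_mac.get(normalize_mac(alert["src_mac"]))
    if rec is None and alert.get("src_ip"):
        rec = by_ip.get(alert["src_ip"])
    enriched = dict(alert)
    if rec is None:
        # Unknown device: either an inventory gap or a host that should not be there.
        enriched.update(asset_context=None, needs_follow_up=True)
        return enriched
    enriched["asset_context"] = {k: rec[k] for k in ("asset", "owner", "os", "software", "vulns")}
    enriched["needs_follow_up"] = False
    # Known unpatched vulnerabilities on the host raise the triage priority.
    enriched["priority"] = "high" if rec["vulns"] else alert.get("priority", "medium")
    return enriched
```

The unmatched case matters in practice: an alert the inventory cannot explain is itself a finding, since it points at either a stale inventory or a device that was never enrolled.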


Lansweeper for SOAR: Simplified Event Remediation Workflows

Similar to investigating security events and alerts, locating the data necessary for decision-making and response orchestration is a lengthy and tedious manual process. IT resources can become overwhelmed with the task, and issue resolution is often delayed, potentially causing an organization thousands or millions in losses. 

“SOC teams use SOAR platforms to collate threat-related information across myriad data sources and automate response workflows to accelerate MTTR – and when granular data about devices, software and users is already available within the SOAR tool when an alert is triggered, incident remediation is much faster and easier.”

– Cassandra Lloyd, Director Technology Alliances at Lansweeper

Lansweeper integrates with the following popular SOAR tools, providing contextual information for accelerating decision-making and automating remediation workflows:

Cortex XSOAR

Palo Alto Networks is a leading global cybersecurity provider. Their SOAR solution, Cortex XSOAR, is the industry’s only extended orchestration platform that unifies security automation, case management, real-time collaboration and threat intelligence management. It installs with the click of a button and optimizes workflows across security tools through automation. XSOAR integrates seamlessly with Lansweeper through the Lansweeper Cortex XSOAR Content pack, which can be downloaded on the Cortex XSOAR Marketplace.

Splunk SOAR

Formerly called Splunk Phantom, Splunk SOAR combines orchestration, playbook automation, case management and threat intelligence to help SOC teams accelerate incident response. The tool routes security incidents to the appropriate expert or analyst within an organization, and leverages an abstraction layer to translate user commands into tool-specific actions. This enables users to execute a series of actions – such as destroying infected files or isolating devices. Workflows can be created in Python or by using a no-code visual editor. The solution’s flexible app model connects to hundreds of tools via APIs, including Lansweeper.


In addition to integrating with these leading SIEM/SOAR tools, Lansweeper integrates with ITSM, CMDB and other components of your technology stack, to help you unlock the power of technology asset data, optimize costs and simplify compliance across your organization. Read about our integration partners and how they’re using Lansweeper to enhance their solutions.