Learn how Industrial Defender integrates with third-party applications like Splunk to share ICS security data with more members of your security team.
Questions Answered in this Video
By integrating Industrial Defender with monitoring and CMDB tools like Splunk, ServiceNow and IBM QRadar, you can give more members of your security team access to your ICS asset and security data. This is important for organizations that are trying to converge security monitoring for IT and OT assets into one pane of glass or one team.
ASM uses a RESTful API to share data via syslog and also through file-level integrations. This allows a number of different integration configurations, for example, sending syslog data to Splunk, checking baselines in ServiceNow, or pulling a list of all of your assets into QRadar.
In Splunk, for example, you can show security event data as a Pareto chart to monitor MAC and IP address changes, create a dashboard to show the number of removable media events in the last 24 hours, and also drill into the raw data for each event without leaving Splunk.