The Armis platform’s integration with Splunk® extends unmanaged and IoT device visibility and security to Splunk for a consolidated view of devices and risks that helps you keep your entire environment protected. Along with the rich asset inventory, risk assessment, and threat detection Armis provides, the Splunk add-on for OT Security expands existing Splunk Enterprise Security frameworks to improve security visibility in OT environments.
Key integration benefits:
Armis automatically discovers and generates a comprehensive inventory of all your assets. The Armis Device Knowledgebase of over 300 million device profiles provides you with a wealth of information about each device, like type, manufacturer, model, OS and version, location, reputation, applications used, and more. All of this information is made available right in Splunk, giving you all the information and context you need about devices in your environment.
Armis automatically performs a security risk assessment for every device in your environment, including an overall device risk score along with detailed information about a device’s risk profile. If a device’s behavior is considered risky, Armis can block or quarantine the device automatically, and it generates an alert for your security team in Splunk.
Armis is purpose-built to help you apply frameworks like CIS Critical Security Controls, NIST, and MITRE ATT&CK throughout your environment. Our platform provides broad-spectrum coverage that supports 11 of 20 Critical Security Controls, and 16 of the NIST CSF controls across the Identify, Protect, Detect, and Respond categories. And Armis can help you audit your network connections to measure your network’s integrity against the Purdue reference architecture.
Armis deploys without installing any endpoint agents or additional hardware. It requires no learning period to start identifying devices or detecting threats, so you can get started seeing value right away. Integration with Splunk is quick and easy too, using Armis connectors you can access from Splunkbase. Integration makes all of the rich information Armis provides available to your security team right in the SIEM interface they already know and use every day.
Visit Splunkbase to learn about the Armis Technical Add-on and the Armis Splunk App.