Technology Integration
Incydr™ + Splunk Phantom
Surface risk to data and accelerate response to insider threats
Type: Integration
Category: SOAR
Data Directionality: Out of Incydr
Supported By: Code42
How the integration works
This integrated offering combines the visibility and context of Code42 Incydr – including its library of hundreds of Risk Indicators used to prioritize risk – with Splunk Phantom’s comprehensive security orchestration platform to enable security teams to scale, standardize and automate their insider threat processes.
Key features
- Automate workflows: Pre-built playbooks triggered by Incydr alerts help you to automate incident response activity
- Manage departing employees: Use Splunk Phantom to add or remove employees from departing employee and high-risk employee Incydr Watchlists
- Forensic Search: Obtain complete context about exfiltrated files, including user, file and exposure type, file size and data source
Benefits of the integration
- Faster response: Streamline alerts and automate workflows to reduce the time it takes to detect and respond to data risk events
- Complete context: Quickly investigate file exposure or exfiltration across endpoints, email, cloud and SaaS apps – without leaving Splunk Phantom
- Increased productivity: Close incident tickets faster by automating response and remediation procedures via Splunk Phantom
Additional resources
- How to Guide: Incydr + Splunk Phantom
- Three Questions Every CISO Should Ask When Building an Insider Risk Program
- Install and manage the Incydr app for Splunk Phantom