SOCAutomation Reveals Exciting Integration with Splunk ES SIEM

Posted: April 12, 2017

Author: Josh Walker

London – April 12th, 2017 – Honeycomb Technologies, a leading provider of the Security Orchestration and Automation (SOA) platform SOCAutomation, is excited to announce its integration with Splunk and Splunk Enterprise Security (ES), Splunk’s Security Information and Event Management (SIEM) platform. The integration applies machine learning, automation and orchestration to security analytics and incident response, enabling security teams and SOCs to bring far greater efficiency and accuracy to their day-to-day security tasks and processes. Security teams can now automate much of their security Business As Usual (BAU), typically reducing manual processes by 80% and freeing skilled security personnel to perform more interesting, higher-value tasks for the business.
 
SOCAutomation plugs seamlessly into Splunk and Splunk ES using REST APIs to achieve several layers of automation, namely:
 
– Automatically reads new alerts, termed notable events, from Splunk ES
– Calls Splunk to perform searches aimed at adding improved security context to an alert
– Closes open offences in Splunk once they are resolved, and can append incident notes
 
The platform rapidly adds much-needed context to incidents, making the security analyst’s job far ‘slicker’ by delivering knowledge to their fingertips. This context includes: collating asset and stakeholder information from vulnerability, patch, CMDB, Active Directory and other CMDB tools; searching network and endpoint tooling for detailed forensics; and data mining SIEMs and other Big Data stores, to name a few. Once an analyst has this rich compendium of information, they can quickly decide whether to escalate the alert to an incident. These levels of automation save the SOC much-needed time in reaching this stage, which means the full volume of alerts can be handled and greatly increases the SOC’s processing power and accuracy.
 
Run-Books
The integration generates Run-Books to remediate incidents, based on context. These Run-Books contain step-by-step guides on how each user should best respond to incidents and include both manual and automated tasks.
 
Automators
The platform includes a large library of automation use-cases, fully and easily customisable to fit specific security and IT environments and technologies. An advanced Automated Security Modelling (ASM) tool enables the security analyst to cater for any automation use-case, and crucially includes a comprehensive set of common security use cases out of the box. Automators are scalable and distributed, enabling customers to run automation closest to the infrastructure or security tool being automated.
 
KPIs, Dashboards and Reporting
The integration enables you to measure your security incident response in real time. Fully customisable dashboards give each user a personalised graphical representation of the data, as well as the incidents and alerts relevant to them, using a fully distributed and automated reporting engine. The dashboards and reports that can be generated are listed below:
 
– Incidents Handled by Severity
– Incident Response Timeliness
– Open Incidents/Closed Incidents
– Incidents Utilising Most Resources
– Incidents Requiring Further Investigation
– Incident Handling Satisfaction
– Damage From an Incident
– Process Workflow
– General Mission Success
– Fire Drill Results
– Lessons Learned
– Incident Response Performance
– Incident Costs

About Splunk

As one of the most powerful security technologies on the market, Splunk Enterprise Security (ES) positions itself as more than a conventional, legacy Security Information and Event Management (SIEM) technology, and is widely described as an ‘Analytics-Driven SIEM’. With powerful log correlation, real-time monitoring and rapid investigative capabilities, Splunk ES allows you to handle multi-step investigations, putting the power of security firmly in the hands of the organisation.

About Honeycomb Technologies

Honeycomb Technologies, based in Oxfordshire, England with international offices in London, Chicago and Hyderabad, is a market-leading pioneer of Security Automation and Orchestration (SOA), Incident Response and Task Management technologies, its flagship solution being SOCAutomation. SOCAutomation, designed for global SOCs and Information Security teams, is a platform that interweaves and orchestrates security and infrastructure technologies. SOCAutomation automates both the enrichment and investigation of security incidents, together with the mitigation process, by integrating tools and people within a security workflow.
 
Honeycomb SOCAutomation makes the best use of a company’s existing security investment, and shields security teams from time-consuming and laborious investigations across a multitude of point security and infrastructure solutions.
 
SOCAutomation’s state-of-the-art and innovative Cyber Run-Books, alongside its extensive integrations, enable companies to maximise the Return on Investment (ROI) of their security expenditure. Some of the key strategic relationships for SOCAutomation include: IBM QRadar, Splunk, ArcSight, Trend Micro, Cisco, Palo Alto Networks, Carbon Black, FireEye and McAfee, as well as all the leading ticketing solutions. SOCAutomation is available as an on-premise, virtual or Software as a Service (SaaS) based offering.