Splunk gives security, IT operations and application delivery teams powerful insights and valuable operational intelligence across your entire organization. Its powerful search, visualization and alerting capabilities enable them to understand current operations more effectively than ever before, and configure simple alert actions to respond to certain issues automatically.
But when difficult operations issues arise, Splunk’s simple script and web-hook alert actions may not be enough. And waiting for human-scale response times to incipient cyber activity or complex IT system failures means greater impact to operations.
With >rapid response, your operations teams can easily capture their deep expertise into powerful custom alert actions that execute within milliseconds. >rapid response alert actions enable your operations teams to systematically orchestrate and track response actions at all layers of the stack across the entire enterprise in real-time, all the while maintaining secure positive control over all automated actions.
But where >rapid response really shines is in its ability to automate sophisticated dynamic response strategies – strategies that dynamically interact with Splunk’s powerful search and analysis capabilities to drill down on an issue, determine root cause, and orchestrate the most effective response actions for the situation.
rapid response consists of two parts:
1. rapid response app – installs on the Splunk server
2. rapid response service (AppSymphony) – installs on its own host
You can download the >rapid response app from Splunkbase.
rapid response server is available [here](http://optensity.com/rapid-response).
[Installation and setup instructions](http://optensity.com/rapid-response-getting-started/)
[>rapid response Sales Page](http://optensity.com/rapid-response/)
[>rapid response FAQ](http://optensity.com/rapid-response-faq/)
>rapid response Product Brief
>rapid response White Paper
Composing >rapid response Apps
2.0.1 addresses certification findings
Added full support for Splunk Enterprise running on MS Windows.
updated .../default/savedsearches.conf to disable realtime alert per certification precheck. This alert is only used to verify successful installation.
update addresses certification code review issues (10/25/17, 15:29)
proper use of splunk password storage endpoints
replaced keytool with openssl to acquire >rapid response service cert
added https access to >rapid response service to satisfy Splunk certification requirements
removed need to store Splunk credentials in >rapid response apps
revised initial password set
rapid response for Splunk® 1.0.2
Documentation: http://optensity.com/rapid-response-splunk/
Installation Instructions: http://optensity.com/getting-started-with-rapid-response
Revised Common Action Model configuration.
corrected 3 of 4 certification test failures.
rapid response for Splunk® 1.0.0
Documentation: http://optensity.com/rapid-response-splunk/
Installation Instructions: http://optensity.com/getting-started-with-rapid-response