Partners & Integrations

Illumio Integrates with Splunk to Improve Security Operations Response Time

Illumio adaptive microsegmentation technology is quickly becoming a foundational part of the security stack and an essential tool to protect applications running in data center and cloud environments. As we see customers roll out the Illumio Adaptive Security Platform (ASP) to protect more parts of their application environments, we also see them extend Illumio to more teams across their organization — like the Security Operations Center (SOC) teams who rely on tools like security information and event management (SIEM) to monitor environments for alerts and anomalies.

Illumio's integration with Splunk gives SOC teams a fast way to identify potentially compromised workloads and lets Illumio administrators monitor the health of the Illumio solution from the same console.

We integrate with Splunk in the following ways:

Illumio and Splunk server

Illumio ASP forwards audit events, policy events, and health of the Illumio solution directly to Splunk Enterprise Server, where the data can be integrated with existing security operations tools such as Splunk Enterprise Security, the Illumio App for Splunk, and SOC team workflows.

Illumio technology add-on (TA) for Splunk

The Illumio Technology Add-On for Splunk enriches Illumio Policy Compute Engine (PCE) data with Common Information Model (CIM) field names, event types, and tags. The TA enables Illumio data to be easily used with Splunk Enterprise Security, the Illumio App for Splunk, and other applications in the Splunk ecosystem.

The Illumio TA is available as a free download from Splunkbase here.

Illumio and Splunk enterprise security

Splunk Enterprise Security (ES) is a premium solution that provides customers with the ability to quickly detect and respond to internal and external attacks. Illumio integration with Splunk ES helps to simplify threat management and minimize risk. Splunk ES streamlines all aspects of security operations and is suitable for organizations of all sizes and expertise. The Technology Add-on for Illumio will tag incoming Illumio data with CIM tags so that Illumio data can be effectively used within Splunk ES.

The Illumio app for Splunk

The Illumio App for Splunk is a set of prebuilt dashboards that enhance Illumio integration with Splunk by providing security and operational insights into Illumio-secured environments. The Illumio App for Splunk comes with the following dashboards:

  • Security Operations Dashboard gives SOC staff insights to quickly pinpoint potential attacks and identify compromised workloads.
  • PCE Operations Dashboard gives Illumio admins a "single pane of glass" to monitor the health of all deployed and managed PCEs.
  • Workload Operations Dashboard provides Illumio admins with visibility into VENs, including details on workloads that were taken offline or suspended and potentially requiring manual intervention.

The Illumio App for Splunk is available as a free download from Splunkbase here.

Adaptive Response initiative

Illumio provides an Adaptive Response Action for use within Splunk ES that can quarantine potentially breached workloads. SOC teams can act on a workload exhibiting risky activity by combining Splunk AR, the Illumio REST API, and Illumio policy: the workload is isolated from other production workloads while forensic teams retain access to it. Because the action calls the Illumio REST API directly, the microsegmentation policy is applied immediately and the impact of the compromised workload is contained within seconds.

The Adaptive Response capability is available as part of the Splunk Enterprise Security solution. Read more about the Splunk Adaptive Response Initiative.
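An added illustration of the quarantine step described above; it is not code from Illumio's app or from this post. A custom Splunk alert action script is run with `--execute` and receives the triggering notable event as JSON on stdin; this example parses that payload and plans the PCE REST call that relabels the workload so that pre-existing quarantine policy takes effect, skipping the call when the workload already carries the quarantine labels. The PCE host, org id, label hrefs, the event field names, and the assumption that a PUT on a workload replaces its full label set are all constructed or assumed here.

```python
import json

# Constructed placeholders, not values from the page or from Illumio's app:
# the PCE host, and the hrefs of quarantine labels created ahead of time so
# that rulesets scoped to them already exist when an alert fires.
PCE_BASE = "https://pce.example.internal:8443"
QUARANTINE_LABEL_HREFS = ("/orgs/1/labels/9001", "/orgs/1/labels/9002")

# Constructed sample of the JSON Splunk writes to a custom alert action's
# stdin when it runs the script with `--execute`; only `result` is used.
SAMPLE_PAYLOAD = json.dumps({
    "search_name": "Illumio - Potentially Compromised Workload",
    "result": {
        "src_host": "web-01.example.internal",
        "workload_href": "/orgs/1/workloads/0a1b2c3d",  # constructed id
        "workload_label_hrefs": "/orgs/1/labels/11,/orgs/1/labels/12",
    },
})


def parse_alert_payload(raw):
    """Return the triggering event (the `result` object) from the payload."""
    result = json.loads(raw)["result"]
    if not result.get("workload_href", "").startswith("/orgs/"):
        raise ValueError("notable event carries no PCE workload href")
    return result


def current_labels(result):
    """Splunk hands multivalue fields to the script as one comma-joined string."""
    return [h for h in result.get("workload_label_hrefs", "").split(",") if h]


def build_quarantine_request(result, quarantine_hrefs=QUARANTINE_LABEL_HREFS):
    """Plan the PCE call that relabels the workload. Returns None when the
    workload is already quarantined, so a repeatedly firing alert does not
    re-issue the same PUT. Assumed: a workload PUT replaces the label set."""
    if set(quarantine_hrefs) <= set(current_labels(result)):
        return None
    return {
        "method": "PUT",
        "url": PCE_BASE + "/api/v2" + result["workload_href"],
        "body": {"labels": [{"href": h} for h in quarantine_hrefs]},
    }


def quarantine_from_payload(raw):
    """End-to-end: payload in, planned PCE request (or None) out.
    Sending it (HTTPS, PCE API key auth) is left out so this runs offline."""
    return build_quarantine_request(parse_alert_payload(raw))


if __name__ == "__main__":
    print(json.dumps(quarantine_from_payload(SAMPLE_PAYLOAD), indent=2))
```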


Integrating Illumio with SIEM platforms like Splunk gives SOC teams insight into data center activity that augments their other alerts and feeds, so they can quickly identify unauthorized communications that may indicate a breach.
