Partners & Integrations

Illumio Integrates with Splunk to Improve Security Operations Response Time

Illumio adaptive microsegmentation technology is quickly becoming a foundational part of the security stack and an essential tool to protect applications running in data center and cloud environments. As we see customers roll out the Illumio Adaptive Security Platform (ASP) to protect more parts of their application environments, we also see them extend Illumio to more teams across their organization — like the Security Operations Center (SOC) teams who rely on tools like security information and event management (SIEM) to monitor environments for alerts and anomalies.

Illumio's integration with Splunk gives SOC teams the ability to quickly identify potentially compromised workloads and lets Illumio administrators monitor the health of the Illumio solution.

We integrate with Splunk in the following ways:

Illumio and Splunk server

Illumio ASP forwards audit events, policy events, and health of the Illumio solution directly to Splunk Enterprise Server, where the data can be integrated with existing security operations tools such as Splunk Enterprise Security, the Illumio App for Splunk, and SOC team workflows.

Illumio technology add-on (TA) for Splunk

The Illumio Technology Add-On for Splunk enriches Illumio Policy Compute Engine (PCE) data with Common Information Model (CIM) field names, event types, and tags. The TA enables Illumio data to be easily used with Splunk Enterprise Security, the Illumio App for Splunk, and other applications in the Splunk ecosystem.

The Illumio TA is available as a free download from Splunkbase here.

Illumio and Splunk enterprise security

Splunk Enterprise Security (ES) is a premium solution that provides customers with the ability to quickly detect and respond to internal and external attacks. Illumio integration with Splunk ES helps to simplify threat management and minimize risk. Splunk ES streamlines all aspects of security operations and is suitable for organizations of all sizes and expertise. The Technology Add-on for Illumio will tag incoming Illumio data with CIM tags so that Illumio data can be effectively used within Splunk ES.
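To make the CIM step concrete, here is an added example (written for this post, not code from the Illumio TA or from Splunk) that normalizes a handful of constructed PCE-style traffic records into Splunk CIM Network_Traffic field names and tags, then rolls up blocked flows per source workload, which is the kind of summary a SOC dashboard or ES correlation search would consume. The raw field names (`src_hostname`, `policy_decision`, `proto`) and the eventtype name are assumptions, not the PCE's actual schema; the CIM field names (`src`, `dest`, `dest_ip`, `dest_port`, `transport`, `action`) and the `network`/`communicate` tags are the standard ones from the Network Traffic data model.

```python
"""Normalize constructed Illumio-PCE-style traffic records into Splunk CIM
Network_Traffic fields and count blocked flows per source workload.
Example code written for this post, not the Illumio TA's own code.
The raw record layout is a constructed approximation of PCE flow data."""
import json
from collections import Counter

# IANA protocol numbers to the transport names CIM expects
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# CIM 'action' takes values such as allowed/blocked. A flow the PCE would
# have blocked in enforcement mode (potentially blocked) is treated as a
# policy violation here; the vendor decision is kept in its own field.
ACTION_MAP = {
    "allowed": "allowed",
    "blocked": "blocked",
    "potentially_blocked": "blocked",
}

# Constructed sample records: web-01 has two policy violations, app-01 one.
RAW_EVENTS = [
    '{"src_ip":"10.0.1.10","src_hostname":"web-01","dst_ip":"10.0.2.20",'
    '"dst_hostname":"db-01","dst_port":5432,"proto":6,"policy_decision":"allowed"}',
    '{"src_ip":"10.0.1.10","src_hostname":"web-01","dst_ip":"10.0.2.20",'
    '"dst_hostname":"db-01","dst_port":22,"proto":6,"policy_decision":"blocked"}',
    '{"src_ip":"10.0.1.10","src_hostname":"web-01","dst_ip":"10.0.2.21",'
    '"dst_hostname":"db-02","dst_port":3306,"proto":6,"policy_decision":"blocked"}',
    '{"src_ip":"10.0.1.11","src_hostname":"app-01","dst_ip":"10.0.2.20",'
    '"dst_hostname":"db-01","dst_port":5432,"proto":6,"policy_decision":"allowed"}',
    '{"src_ip":"10.0.1.11","src_hostname":"app-01","dst_ip":"10.0.3.5",'
    '"dst_hostname":"files-01","dst_port":445,"proto":6,'
    '"policy_decision":"potentially_blocked"}',
]


def to_cim(raw_json):
    """Map one raw record (JSON string) onto CIM Network_Traffic fields."""
    ev = json.loads(raw_json)
    decision = ev["policy_decision"]
    return {
        "src": ev["src_hostname"],
        "src_ip": ev["src_ip"],
        "dest": ev["dst_hostname"],
        "dest_ip": ev["dst_ip"],
        "dest_port": ev["dst_port"],
        "transport": PROTO_NAMES.get(ev["proto"], str(ev["proto"])),
        "action": ACTION_MAP[decision],
        # vendor-specific detail preserved next to the normalized field
        "illumio_policy_decision": decision,
        "eventtype": "illumio_traffic",      # hypothetical eventtype name
        "tag": ["network", "communicate"],   # CIM Network Traffic tags
    }


def normalize_all(raw_events):
    return [to_cim(r) for r in raw_events]


def flag_blocked_sources(cim_events, threshold=2):
    """Return {source host: blocked-flow count} for hosts at or above threshold.
    A workload repeatedly hitting policy denies is a candidate for triage."""
    counts = Counter(e["src"] for e in cim_events if e["action"] == "blocked")
    return {host: n for host, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    events = normalize_all(RAW_EVENTS)
    for e in events:
        print(e["src"], "->", e["dest"], e["dest_port"], e["transport"], e["action"])
    print("workloads over threshold:", flag_blocked_sources(events))
```

The point of keeping `illumio_policy_decision` alongside the CIM `action` is that ES correlation searches and the Network Traffic data model key on the normalized field, while an analyst drilling into a notable still sees whether the deny was enforced or only observed in visibility mode.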

The Illumio app for Splunk

The Illumio App for Splunk is a set of prebuilt dashboards that enhance Illumio integration with Splunk by providing security and operational insights into Illumio-secured environments. The Illumio App for Splunk comes with the following dashboards:

  • Security Operations Dashboard gives SOC staff insights to quickly pinpoint potential attacks and identify compromised workloads.
  • PCE Operations Dashboard gives Illumio admins a "single pane of glass" to monitor the health of all deployed and managed PCEs.
  • Workload Operations Dashboard provides Illumio admins with visibility into VENs, including details on workloads that were taken offline or suspended and potentially requiring manual intervention.

The Illumio App for Splunk is available as a free download from Splunkbase here.

Adaptive Response initiative

Illumio provides an Adaptive Response Action for use within Splunk ES that can quarantine potentially breached workloads. This allows SOC teams to take action on workloads exhibiting potentially risky activity by leveraging Splunk AR, the Illumio REST API, and Illumio policy to isolate the compromised workloads from other production workloads while still allowing access by forensic teams. By calling into the Illumio REST API, microsegmentation policies are applied instantaneously and contain the impact of the compromised workload within seconds.

The Adaptive Response capability is available as part of the Splunk Enterprise Security solution. Read more about the Splunk Adaptive Response Initiative.
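The quarantine workflow above rests on one idea: the response action does not edit firewall rules on the host, it changes the workload's labels, and the existing label-based policy does the rest. The following added example (written for this post, not Illumio's or Splunk's code) models that in memory: a small label-based rule set with default deny, a fake PCE whose `quarantine()` relabels a workload the way the real action would through the Illumio REST API, and a policy check showing that production peers lose access to the quarantined workload while a forensics workload gains it. The label names, the rule set, the `quarantine:yes` label, the notable-event field names and the `FakePce` class are all assumptions made for the example.

```python
"""Model of a label-driven quarantine as used by a SIEM response action.
Example code written for this post, not Illumio's Adaptive Response action.
The real action calls the Illumio PCE REST API to change workload labels;
FakePce below only relabels an in-memory workload (hypothetical stand-in)."""
from dataclasses import dataclass


@dataclass
class Workload:
    name: str
    labels: set  # e.g. {"role:web", "app:shop", "env:prod", "loc:dc1"}


@dataclass(frozen=True)
class Rule:
    """Allow consumer -> provider on the listed destination ports when the
    consumer carries every label in `consumer` and the provider carries
    every label in `provider`. Anything not matched by a rule is denied."""
    consumer: frozenset
    provider: frozenset
    ports: frozenset


# Constructed policy: prod web tier may reach prod databases on 5432;
# forensics hosts may reach anything labelled quarantined on 22 (SSH).
RULES = [
    Rule(frozenset({"role:web", "env:prod"}),
         frozenset({"role:db", "env:prod"}), frozenset({5432})),
    Rule(frozenset({"role:forensics"}),
         frozenset({"quarantine:yes"}), frozenset({22})),
]


def is_allowed(src, dst, port, rules=RULES):
    """Default-deny evaluation of the label-based rule set."""
    return any(r.consumer <= src.labels and r.provider <= dst.labels
               and port in r.ports for r in rules)


class FakePce:
    """Hypothetical in-memory stand-in for the PCE's workload API."""

    def __init__(self, workloads):
        self.workloads = {w.name: w for w in workloads}

    def quarantine(self, name):
        # Strip the role/app/env labels that grant production access, keep
        # the location label, and add the quarantine label so only the
        # forensics rule still matches this workload.
        w = self.workloads[name]
        w.labels = {lab for lab in w.labels if lab.startswith("loc:")}
        w.labels.add("quarantine:yes")
        return set(w.labels)


def adaptive_response(pce, notable):
    """Entry point a SIEM response action would expose. `notable` is a
    constructed dict with the suspicious workload under 'dest'."""
    return pce.quarantine(notable["dest"])


def build_lab():
    """Constructed sample environment: a web server, a database, a forensics box."""
    return FakePce([
        Workload("web-01", {"role:web", "app:shop", "env:prod", "loc:dc1"}),
        Workload("db-01", {"role:db", "app:shop", "env:prod", "loc:dc1"}),
        Workload("forensics-01", {"role:forensics", "env:prod", "loc:dc1"}),
    ])


if __name__ == "__main__":
    pce = build_lab()
    web, db, fx = (pce.workloads[n] for n in ("web-01", "db-01", "forensics-01"))
    print("before: web->db:5432", is_allowed(web, db, 5432),
          "| forensics->web:22", is_allowed(fx, web, 22))
    adaptive_response(pce, {"dest": "web-01", "rule_title": "Blocked flow burst"})
    print("after:  web->db:5432", is_allowed(web, db, 5432),
          "| forensics->web:22", is_allowed(fx, web, 22))
```

Two design points carry over to a real deployment: the quarantine label must be the only label that grants any access to the workload, otherwise leftover role or app labels keep production rules live; and the forensics rule should be written against the quarantine label rather than against individual hosts, so every isolated workload is reachable for investigation without further policy edits.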


Integrating Illumio with SIEM platforms like Splunk gives SOC teams unique and critical insight into data center activity. It augments their other alerts and feeds with the ability to quickly identify unauthorized communications that might be an indicator of a breach.
