Chuck Leaver – The Ziften And Splunk Active Response Framework Provides Significant Advantages

Written By Chuck Leaver CEO Ziften


We sponsored a fantastic Splunk.conf2014 program in Las Vegas, and we returned energized and chomping at the bit to push our services here at Ziften even further forward. One talk of particular interest was given by Jose Hernandez, Security Solutions Architect for Splunk, titled “Using Splunk to Automatically Alleviate Risks”. If you want to see his slides and a recording of the talk, please go to

Using Splunk to assist with mitigation, or as I like to describe it, “Active Response”, is an excellent concept. Having all of your intelligence data flowing into Splunk (endpoint data, external threat feeds, and so on) is extremely powerful, and being able to act on that data is what closes the loop. At Ziften we have an effective continuous-monitoring solution on the endpoint, and being integrated with Splunk is something we are truly proud of. Pairing real-time data analysis with the ability to react and take action against incidents is a strong move in the right direction.

Ziften has built a mitigation action using the available Active Response code; a demo video is included in this post below. As a proof of concept, we created a mitigation action within our Ziften App for Splunk. Once the action has run, its results can be observed and tracked within Splunk ES (Enterprise Security). This is a major addition: users can now monitor and track mitigations within Splunk ES, which gives you the benefit of closing the loop and establishing a history of your actions.
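The loop described above (telemetry and threat-feed data in, a mitigation action out, and the action's result recorded so that a history exists) can be made concrete with a small simulation. The Python below is an added example for this page; it is not Ziften's code, not the Ziften App for Splunk, and not the Splunk Active Response Framework or its API. The key=value event format, the threat-feed indicators, the playbook mapping, the action names and the simulated endpoint agent are all assumptions chosen for illustration.

```python
"""Closed-loop 'active response' model (added illustration, not vendor code).

Models the loop: endpoint telemetry and an external threat feed are correlated,
a mitigation action is requested for each hit, and the action's result is
recorded as a searchable audit record. All indicators, event lines, field
names and action names are constructed assumptions.
"""
import json
from datetime import datetime, timezone

# Constructed threat feed: indicator type -> set of indicator values.
THREAT_FEED = {
    "sha256": {"3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b"},
    "dest_ip": {"203.0.113.45"},  # TEST-NET-3 documentation range, not routable
}

# Constructed endpoint telemetry in Splunk-style key=value form (no spaces in values).
ENDPOINT_EVENTS = [
    "ts=1 host=ws-101 user=alice event=process_start pid=4120 "
    "image=C:\\Users\\alice\\AppData\\Local\\Temp\\update.exe "
    "sha256=3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b",
    "ts=2 host=ws-101 user=alice event=net_connect pid=4120 dest_ip=203.0.113.45 dest_port=443",
    "ts=3 host=ws-102 user=bob event=process_start pid=880 "
    "image=C:\\Windows\\System32\\notepad.exe "
    "sha256=1111111111111111111111111111111111111111111111111111111111111111",
]

# Assumed playbook: indicator type -> mitigation action to request on a match.
PLAYBOOK = {"sha256": "kill_process", "dest_ip": "isolate_host"}


def parse_event(line):
    """Split a key=value line into a dict (only the first '=' separates key and value)."""
    fields = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def correlate(lines, feed):
    """Detection step: one alert per (event, matching indicator), in event order."""
    alerts = []
    for ev in map(parse_event, lines):
        for ind_type, values in feed.items():
            if ev.get(ind_type) in values:
                alerts.append({"host": ev["host"], "pid": ev.get("pid"),
                               "indicator_type": ind_type, "indicator": ev[ind_type],
                               "action": PLAYBOOK[ind_type]})
    return alerts


class EndpointAgentSim:
    """Stands in for the endpoint agent that would carry out a mitigation.
    Keeps state so a repeated action is reported as a no-op, not a fresh success."""
    def __init__(self):
        self.killed = set()
        self.isolated = set()

    def kill_process(self, alert):
        if alert["pid"] is None:
            return "failed", "alert carries no pid to terminate"
        key = (alert["host"], alert["pid"])
        if key in self.killed:
            return "noop", "process already terminated"
        self.killed.add(key)
        return "success", f"terminated pid {alert['pid']}"

    def isolate_host(self, alert):
        if alert["host"] in self.isolated:
            return "noop", "host already isolated"
        self.isolated.add(alert["host"])
        return "success", "network isolation applied"


class ActionLog:
    """Audit trail of every mitigation attempt, in a form a SIEM could index."""
    def __init__(self):
        self.records = []

    def record(self, alert, status, detail):
        rec = dict(alert, status=status, detail=detail,
                   logged_at=datetime.now(timezone.utc).isoformat())
        self.records.append(rec)
        return rec

    def history(self, host):
        """Everything done to this host, in order: the 'history of actions'."""
        return [r for r in self.records if r["host"] == host]

    def to_jsonl(self):
        return "\n".join(json.dumps(r, sort_keys=True) for r in self.records)


def run_loop(lines, feed, agent, log):
    """Detect -> act -> record. Returns the records produced by this pass."""
    produced = []
    for alert in correlate(lines, feed):
        status, detail = getattr(agent, alert["action"])(alert)
        produced.append(log.record(alert, status, detail))
    return produced


if __name__ == "__main__":
    agent, log = EndpointAgentSim(), ActionLog()
    run_loop(ENDPOINT_EVENTS, THREAT_FEED, agent, log)
    run_loop(ENDPOINT_EVENTS, THREAT_FEED, agent, log)  # second pass: all no-ops
    print(log.to_jsonl())
```

The part that matters for "closing the loop" is that every attempt is recorded with its actual outcome (success, failure, or no-op), so the per-host history reflects what really changed; running the same detection twice against the same host yields no-op records rather than a second "success", and an alert without enough context to act on (no pid) is recorded as a failure instead of being dropped.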

We are delighted that Splunk is driving this effort; it is likely to progress, and we are committed to supporting it and building on it. It is an extremely exciting time in the Endpoint Detection and Response space, and in my view the Active Response Framework integrated into Splunk will generate a high degree of interest.

For any questions concerning the Ziften App for Splunk, please send an email to
