Packaged Integrations

ObserveIT and our partners have built a number of integrations and plugins that work right out of the box with many popular SIEMs and other tools.

These integrations provide security analysts and investigation teams with user activity metadata, smart user behavior alerts and user context to help identify and investigate Insider Threats and other user-based threats directly from within the App. Security teams can correlate ObserveIT metadata to create smarter alerts and stop threats before they happen.

Below are links to guide you.

Splunk: ObserveIT’s Splunk integration is easy to install from Splunkbase, allowing visualization and correlation between your ObserveIT insights and the other events on your network.

IBM QRadar: ObserveIT’s QRadar integration is easy to install from IBM’s X-Force App Exchange and will bring your ObserveIT data into QRadar so you can correlate with data from other sources and manage Critical Alerts as Offenses.

McAfee ESM: ObserveIT integration with McAfee ESM brings the powerful ObserveIT insights into your SIEM, so you can manage your alerts and correlate ObserveIT’s user context with your other data feeds.

ArcSight: ObserveIT’s ArcSight integration is easy to install from MicroFocus’ ArcSight Marketplace and will bring your ObserveIT data into your SIEM so you can manage your alerts and bring meaning to the data from other systems with ObserveIT’s user context.

LogRhythm: By correlating ObserveIT’s powerful user context with the other data sources in your SIEM, a complete picture of a user’s activities will emerge, allowing for creation of smarter alerts and quicker threat elimination.

AlienVault: ObserveIT integration with AlienVault brings the powerful ObserveIT insights into your SIEM, so you can manage your alerts and correlate ObserveIT’s user context with your other data feeds.

ServiceNow: Support your remote access approval workflow by automatically linking your remote connection requests with incidents in ServiceNow.

IBM Resilient: The unmatched user context ObserveIT provides will streamline your Resilient investigations. The included automated workflow functions will bring the ObserveIT insights to your incidents either automatically or with the click of a button.

ObserveIT API: With the power of ObserveIT’s REST API, you can download reports, update lists, start and stop recordings, and more! Bring the unmatched user-context of ObserveIT anywhere by building a custom integration.