Packaged Integrations
ITM On-Prem (ObserveIT) and our partners have built a number of integrations and plugins that work right out of the box with many popular SIEMs and other tools.
These integrations provide security analysts and investigation teams with user activity metadata, smart user behavior alerts and user context to help identify and investigate Insider Threats and other user-based threats directly from within the App. Security teams can correlate ITM On-Prem (ObserveIT) metadata to create smarter alerts and stop threats before they happen.
Below are links to guide you.
Splunk: ObserveIT’s Splunk integration is easy to install from Splunkbase, allowing visualization and correlation between your ITM On-Prem (ObserveIT) insights and the other events on your network.
- ITM On-Prem (ObserveIT) Add On
- ITM On-Prem (ObserveIT) App
- Splunk Integration User Guide
- Splunk Integration User Guide - PDF
IBM QRadar: ObserveIT’s QRadar integration is easy to install from IBM’s X-Force App Exchange and will bring your ITM On-Prem (ObserveIT) data into QRadar so you can correlate with data from other sources and manage Critical Alerts as Offenses.
McAfee ESM: ITM On-Prem (ObserveIT) integration with McAfee ESM brings the powerful ITM On-Prem (ObserveIT) insights into your SIEM, so you can manage your alerts and correlate ObserveIT’s user context with your other data feeds.
ArcSight: ObserveIT’s ArcSight integration is easy to install from Micro Focus’ ArcSight Marketplace and will bring your ITM On-Prem (ObserveIT) data into your SIEM so you can manage your alerts and bring meaning to the data from other systems with ObserveIT’s user context.
LogRhythm: By correlating ObserveIT’s powerful user context with the other data sources in your SIEM, a complete picture of a user’s activities will emerge, allowing for creation of smarter alerts and quicker threat elimination.
AlienVault: ITM On-Prem (ObserveIT) integration with AlienVault brings the powerful ITM On-Prem (ObserveIT) insights into your SIEM, so you can manage your alerts and correlate ObserveIT’s user context with your other data feeds.
ServiceNow: Support your remote access approval workflow by automatically linking your remote connection requests with incidents in ServiceNow.
IBM Resilient: The unmatched user context ITM On-Prem (ObserveIT) provides will streamline your Resilient investigations. The included automated workflow functions will bring the ITM On-Prem (ObserveIT) insights to your incidents either automatically or with the click of a button.
ITM On-Prem (ObserveIT) API: With the power of ObserveIT’s REST API, you can download reports, update lists, start and stop recordings, and more! Bring the unmatched user context of ITM On-Prem (ObserveIT) anywhere by building a custom integration.