Splunk On-Call

We use Splunk On-Call to alert team members through monitors based on logs in Splunk and DataDog, as well as from manual incidents when business impact is detected.

• Directly helps us quickly mitigate impact
• increased incident reaction time by >40% during business hours
• unmeasurably large impact to incident reaction time for after-hours

Datadog, PagerDuty and incident.io

Automate the incident responses, speed up resolutions, notify owners with an escalation matrix, and use resources like articles to help responders to resolve incidents faster. Select responders with the right expertise and provide information from similar incidents for more effective resolution. Reducing mean time to acknowledge and resolve incidents. Gain visibility into critical incidents and steps are taken to resolve them.

• Automation
• Documentation
• RCA

• Mean time to acknowledge.
• Mean time to resolve.
• Faster notification.
• Escalation matrix.

Acoustic Analytics and Azure Data Science Virtual Machines (DSVM)

Azure Analysis Services, ScienceLogic SL1, IBM Tivoli NetCool/OMNIbus

Splunk On-Call is the extended orchestration arm of Splunk. It is utilized to automate and centralize the flow of information during an incident. It is a great add-on if you have Splunk Enterprise Security in your environement and if you are providing services to multiple customers as it can peovide efficiency and optimize the incident life-cycle.

• Centralized Incident Workflow
• Correlation with Incidents
• Knowledge sharing during Incident life cycle

• Reduced incident handling time
• Better incident contextual information sharing
• Better incident documentation

BMC Helix ITSM (Remedy)

ArcSight Recon, ArcSight Intelligence, Recorded Future, Microsoft 365

Splunk On-Call aggregates our various scripts and in-app on-call features to be consolidated in a centralized location to alert various teams globally to automate or manually perform set functions based on the on-call alert triggered. The relatively easy to setup services and minimal on premise requirement are attractive for any organization trying to minimize local footprint with hybrid cloud solution eventually moving towards a full cloud infrastructure.

• Integration of all other apps on-call into it
• Single platform with user security roles defined
• Ease of implementation (with existing in-house Splunk implementers)
• Scalability

• Saved hundreds of IT worker hours utilizing a single platform
• More cohesive support SLA from IT support teams
• Reduced time updating on-call modifications
• Synchronized update cycle

xMatters and Citrix Endpoint Management

xMatters, Citrix Endpoint Management, SAP Access Control

We used Splunk on Call (formerly Victor-Ops) as Incident manager in une project last year

• Case Management
• Incident Management and escalation
• Native integration with Splunk
• Integration with external troubleticketing systems

• We used in only one project and it was very useful because the customer didn't have a performant Case Manager and we used it for Incident Management

Splunk SOAR and Palo Alto Networks Cortex XSOAR

Splunk SOAR