
Technology Integration

Incydr™ + Splunk Phantom

Surface risk to data and accelerate response to insider threats





Data Directionality

Out of Incydr

Supported By


How the integration works

This integrated offering combines the visibility and context of Code42 Incydr – including its library of hundreds of Risk Indicators used to prioritize risk – with Splunk Phantom’s comprehensive security orchestration platform to enable security teams to scale, standardize and automate their insider threat processes.

Key features

  • Automate workflows: Pre-built playbooks triggered by Incydr alerts help you to automate incident response activity
  • Manage departing employees: Use Splunk Phantom to add or remove employees from departing employee and high risk employee Incydr Watchlists
  • Forensic Search: Obtain complete context about exfiltrated files, including user, file and exposure type, file size and data source

Benefits of the integration

Faster response

Streamline alerts and automate workflows to reduce the time it takes to detect and respond to data risk events

Complete context

Quickly investigate file exposure or exfiltration across endpoints, email, cloud and SaaS apps – without leaving Splunk Phantom

Increased productivity

Close incident tickets faster by automating response and remediation procedures via Splunk Phantom
