Automation & Integration • Room 2

ITSI + Enterprise Security Integration

ITSI and Enterprise Security (ES) can share a Splunk deployment, enabling powerful cross-domain correlation. When a security incident in ES affects an IT service monitored by ITSI, operators can see both the security context and the service impact simultaneously.

Integration points include shared entities (the same server appears in both ITSI and ES asset lists), Notable Event correlation (an ES security alert triggers an ITSI service degradation), and unified dashboards that combine security posture with service health. The IT Operations team sees service impact while the SOC sees the security context.

Map ITSI entities to ES assets using the same host/IP identifiers. This creates a single source of truth for infrastructure across both apps.

Knowledge Check

Prove your understanding to clear the room (Rewards XP)

Drag items to their correct zone (or tap item then tap zone on mobile)

A ransomware alert triggers in Enterprise Security

ITSI detects that the Payment Service KPIs are degrading

Shared entity data links the affected server across both apps

Security Event (ES)

Service Impact (ITSI)

Integration Layer