Quarantine Workloads Using Splunk Core Alert Actions
If Splunk Enterprise Security Suite (ESS) is not installed in your Splunk infrastructure, the Illumio App for Splunk offers a way to monitor and take action on the events reported by analytics on Illumio PCE logs.
To do this, the Illumio Add-On for Splunk uses a custom alert action to quarantine the workload. These actions are available in the drilldowns from the main dashboards.