Customer delivers converged intelligence and risk solutions to private and public sector organizations worldwide.
It provides meaningful intelligence to assist organizations in combating threats and adversaries.
Customer requested the development of a Certified Splunk Add-on to integrate its platform with Splunk.
Sacumen developed the Certified Splunk Add-on that performs the following:
- Captures, indexes, and correlates the platform's technical data in real time within Splunk's searchable repository.
- Enables users to generate reports and visualizations, including graphs, alerts, and dashboards.
- Collects the integrated data from the customer's platform through its REST-based API.
- Ingests IOCs such as hashes, URLs, and domains, together with malware-family details and their mapping to the MITRE ATT&CK framework.
The Add-on was built with Splunk Add-on Builder, and its modular input was written in Python.
The Add-on supports Splunk version 7.x.
The Add-on supports a retry mechanism for API calls, a configurable logging level, and proxy settings.
The Add-on supports CIM 4.x.
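The pieces listed above (a Python modular input that collects IOCs over a REST API with retry, proxy and log-level handling, and emits CIM-aligned events) are sketched below as an added example. It is not Sacumen's or the customer's code and uses only the Python 3 standard library; the endpoint path `/iocs`, the `data`/`next` paging shape, the bearer-token header, the `CustomerTI` vendor name and the mapping of hashes and URLs onto the CIM Malware fields `file_hash`, `url` and `signature` are all assumptions, and `FakeOpener` plus `SAMPLE_SCRIPT` are constructed stand-ins so the code runs offline. Splunk 7.x bundles Python 2.7, so a modular input shipped for that version would need the 2.7 equivalents of these calls.

```python
# Added example, not Sacumen's or the customer's code: stdlib-only pieces of a Splunk
# modular input that pulls IOCs over REST with retry, proxy and log-level handling and
# shapes them into CIM-style fields. FakeOpener and SAMPLE_SCRIPT are constructed (offline).
import io
import json
import logging
import random
import time
import urllib.error
import urllib.request

log = logging.getLogger("ti_addon")
RETRYABLE_STATUS = {429, 500, 502, 503, 504}

def configure_logging(level_name):
    """Apply the add-on's log-level setting; unknown names fall back to INFO."""
    level = logging.getLevelName(str(level_name).upper())
    if not isinstance(level, int):
        log.warning("unknown log level %r, using INFO", level_name)
        level = logging.INFO
    log.setLevel(level)
    return level

def build_opener(proxy_url=None):
    """Explicit proxy handling; an empty ProxyHandler also stops urllib honouring HTTP_PROXY."""
    proxies = {"http": proxy_url, "https": proxy_url} if proxy_url else {}
    return urllib.request.build_opener(urllib.request.ProxyHandler(proxies))

def fetch_with_retry(opener, url, token, max_retries=3, base_delay=1.0, sleep=time.sleep):
    """GET JSON; retry 429/5xx with backoff+jitter or Retry-After, never other 4xx (a bad token stays bad)."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token,
                                               "Accept": "application/json"})
    attempt = 0
    while True:
        try:
            with opener.open(req, timeout=30) as resp:
                return json.loads(resp.read().decode("utf-8"))
        except urllib.error.HTTPError as err:
            if err.code not in RETRYABLE_STATUS or attempt >= max_retries:
                log.error("giving up on %s after %d request(s): HTTP %s", url, attempt + 1, err.code)
                raise
            retry_after = (err.headers.get("Retry-After") if err.headers else None) or ""
            delay = float(retry_after) if retry_after.isdigit() else base_delay * 2 ** attempt + random.uniform(0, 0.5)
            attempt += 1
            log.warning("HTTP %s from %s, retry %d/%d in %.1fs", err.code, url, attempt, max_retries, delay)
            sleep(delay)

def to_cim_event(record, vendor_product="CustomerTI"):
    """Flatten a feed record into a CIM-aligned event. The Malware data model mapping (file_hash,
    url, signature) is an assumption; 'domain' and 'mitre_technique_id' are custom fields."""
    cim_field = {"hash": "file_hash"}.get(record["type"], record["type"])
    return {"vendor_product": vendor_product,
            "signature": record.get("malware_family"),
            "mitre_technique_id": ",".join(record.get("mitre_attack", [])),
            cim_field: record["value"]}

def collect(opener, base_url, token, page_size=100, sleep=time.sleep):
    """Page through the (assumed) /iocs endpoint; a modular input would write each dict via EventWriter."""
    url = "%s/iocs?limit=%d" % (base_url.rstrip("/"), page_size)
    while url:
        page = fetch_with_retry(opener, url, token, sleep=sleep)
        for record in page["data"]:
            yield to_cim_event(record)
        url = page.get("next")

class FakeOpener:
    """Constructed stand-in for urllib's opener: replays scripted (status, body) pairs."""
    def __init__(self, script):
        self.script, self.calls = list(script), 0
    def open(self, req, timeout=None):
        self.calls += 1
        status, body = self.script.pop(0)
        if status != 200:
            hdrs = {"Retry-After": "2"} if status == 429 else {}
            raise urllib.error.HTTPError(req.full_url, status, "simulated", hdrs, None)
        return io.BytesIO(json.dumps(body).encode("utf-8"))

# Constructed feed: a transient 503, a 429, then two pages of IOCs.
SAMPLE_SCRIPT = [
    (503, None), (429, None),
    (200, {"data": [{"type": "hash", "value": "d41d8cd98f00b204e9800998ecf8427e",
                     "malware_family": "FamilyA", "mitre_attack": ["T1566.001"]}],
           "next": "https://api.example.invalid/v1/iocs?cursor=2"}),
    (200, {"data": [{"type": "domain", "value": "bad.example.invalid",
                     "malware_family": "FamilyB", "mitre_attack": []}], "next": None}),
]

def requests_before_giving_up(script):
    """(requests made, final HTTP status) for one scripted fetch_with_retry call."""
    opener = FakeOpener(script)
    try:
        fetch_with_retry(opener, "https://api.example.invalid/v1/iocs", "token", sleep=lambda _: None)
    except urllib.error.HTTPError as err:
        return opener.calls, err.code
    return opener.calls, 200

if __name__ == "__main__":
    demo = FakeOpener(SAMPLE_SCRIPT)
    print(list(collect(demo, "https://api.example.invalid/v1", "token", sleep=lambda _: None)), demo.calls)
```

Two design points matter for an add-on of this kind. The retry budget is bounded and only covers transient statuses: a 401 or 403 is surfaced immediately so a revoked API key shows up in the add-on's log instead of being masked by silent retries. Proxy configuration is applied through an explicit `ProxyHandler`, which also prevents urllib from honouring `HTTP_PROXY` from the Splunk process environment when the administrator has configured no proxy at all.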