The customer is a leading data protection solution provider. Its security software platform lets organizations track, visualize, analyze and protect their structured and unstructured data.
The customer’s client required integration of the data protection platform with Splunk so that their clients could view the threat data in the Splunk console.
- Sacumen developed a Splunk Modular Input app that polls event data in JSON format from the data protection platform through REST APIs.
- The Modular Input had a configuration file for the client’s URL, API key and other required configuration parameters.
- The Modular Input parsed the data and used the Splunk SDK.
- Event mapping was done against the Splunk fields, and custom events were defined.
- The Splunk Modular Input app was developed for Splunk version 6.5 and above.
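
An added example (not Sacumen's or the customer's code) of the poll, parse and map steps listed above: it takes one JSON response body, maps its fields and emits Splunk's modular input XML stream, using only the Python standard library rather than the Splunk SDK. The JSON layout, field names, mapping, sourcetype and timestamp checkpoint are all assumptions, and the sample response is constructed.

```python
import json
import xml.etree.ElementTree as ET
from datetime import datetime

# Hypothetical platform field -> Splunk field name (assumed mapping, not from the page).
FIELD_MAP = {"userName": "user", "filePath": "file_path",
             "alertType": "signature", "riskLevel": "severity"}

# Constructed sample of one polled REST response body (layout is an assumption).
SAMPLE_RESPONSE = json.dumps({"events": [
    {"id": "e1", "timestamp": "2017-03-01T10:00:00+00:00", "userName": "alice",
     "filePath": "/finance/q1.xlsx", "alertType": "mass_read", "riskLevel": "high"},
    {"id": "e2", "timestamp": "2017-03-01T10:05:00+00:00", "userName": "bob",
     "filePath": "/hr/payroll.csv", "alertType": "perm_change", "riskLevel": "low"},
    {"id": "e3", "userName": "carol"},  # malformed: no timestamp
]})

def map_event(raw):
    """Rename known fields; keep unknown ones under a vendor_ prefix."""
    out = {}
    for key, value in raw.items():
        if key in ("id", "timestamp"):
            continue
        out[FIELD_MAP.get(key, "vendor_" + key)] = value
    out["event_id"] = raw["id"]
    return out

def build_stream(response_body, checkpoint_epoch, sourcetype="dataprotect:alert"):
    """Return (stream_xml, new_checkpoint) for events newer than the checkpoint."""
    stream = ET.Element("stream")
    newest = checkpoint_epoch
    for raw in json.loads(response_body).get("events", []):
        try:
            epoch = datetime.fromisoformat(raw["timestamp"]).timestamp()
            mapped = map_event(raw)
        except (KeyError, ValueError, TypeError):
            continue  # skip records without a usable id or timestamp
        if epoch <= checkpoint_epoch:
            continue  # already indexed on an earlier poll
        event = ET.SubElement(stream, "event")
        ET.SubElement(event, "time").text = "%.3f" % epoch
        ET.SubElement(event, "sourcetype").text = sourcetype  # hypothetical name
        ET.SubElement(event, "data").text = json.dumps(mapped, sort_keys=True)
        newest = max(newest, epoch)
    return ET.tostring(stream, encoding="unicode"), newest
```

Persisting the returned checkpoint between polls keeps a restart from re-indexing events that were already sent.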