Customer is a leading provider of secure access solutions to both enterprises and service providers.
Customer requested the development of a Splunk Add-on to integrate Splunk Alerts with its PPS platform.
- Sacumen built a Splunk TA (Technical Add-On) that retrieves Splunk's Alerts data and feeds it into the PulseSecure PPS (Pulse Policy Secure) platform.
- The Add-on was developed in Python using an Alert Action Handler.
- The Add-on has configuration parameters defined on the Alerts screen, such as PulseSecure's REST API URL, API Token, and other required configuration parameters.
- When the output of the search query defined in the Alerts configuration matches, the Splunk Alert Trigger passes the Alerts data to the Alert Action defined in the Add-on.
- The Alert Action handler parses the Alerts data and retrieves the Alerts event records (based on the CIM fields filter only).
- The Add-on supports Splunk version 7.x a
- The Add-on supported a retry mechanism
- Add-on supported CIM 4.x
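
The flow described in the list above (payload parsing, CIM field filter, REST delivery with retry), sketched as an added example that is not Sacumen's or the customer's code. It relies on Splunk's custom alert action convention of a `--execute` argument and a JSON payload on stdin. The parameter names `base_url` and `api_token`, the CIM field allowlist, the bearer-token header and the request body shape are assumptions.

```python
import json
import sys
import time
import urllib.error
import urllib.request

# Assumed allowlist of CIM field names; the add-on's real filter is not shown on the page.
CIM_FIELDS = ("src", "dest", "user", "signature", "severity", "action")

def filter_cim(result):
    """Keep only non-empty allowlisted CIM fields from one alert result row."""
    return {k: result[k] for k in CIM_FIELDS if result.get(k) not in (None, "")}

def http_post(url, token, body):
    """POST JSON (assumed bearer-token auth); returns the HTTP status code."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code

def handle_alert(payload, post=http_post, retries=3, sleep=time.sleep):
    """Filter the triggering event and deliver it, retrying transient failures."""
    cfg = payload["configuration"]          # alert action parameters (hypothetical names)
    url = cfg["base_url"]
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send API token over a non-HTTPS URL")
    event = filter_cim(payload.get("result", {}))
    if not event:
        return "skipped"                    # nothing CIM-mapped to forward
    body = {"search_name": payload.get("search_name"), "event": event}
    for attempt in range(retries):
        try:
            status = post(url, cfg["api_token"], body)
        except OSError:                     # connection errors and timeouts
            status = None
        if status is not None and status < 500 and status != 429:
            return "sent" if status < 300 else "rejected"   # 4xx is not retried
        sleep(2 ** attempt)                 # exponential backoff: 1s, 2s, 4s
    return "failed"

if __name__ == "__main__" and sys.argv[1:2] == ["--execute"]:
    outcome = handle_alert(json.load(sys.stdin))
    sys.exit(0 if outcome in ("sent", "skipped") else 1)
```

A token entered as an alert action parameter is stored with the saved search configuration; Splunk's credential storage (`storage/passwords`) is the usual place for such secrets.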