OTHER SIEM INTEGRATION CASE STUDIES
Customer is a leading Data Protection solution provider.
It has security software platform to let organizations track, visualize, analyze and protect their structured and unstructured data
Customer requested the integration of their Data protection platform with the Splunk so that their clients can view the threat data in Splunk console.
Sacumen developed the Splunk Modular Input app that polls events data in JSON format from the Data protection platform through REST APIs
Modular Input had configuration file to configure the Client’s URL, API Key and other required configuration parameters.
Modular Input parsed the data and used Splunk SDK
Events mapping was done against the Splunk field and custom events were defined
Splunk Modular Input app was developed for Splunk version 6.5 and above