OTHER SIEM INTEGRATION CASE STUDIES
Customer is a leading provider of secure access solutions to both enterprises and service providers.
Customer requested the development of Splunk Add-on to integrate Splunk Alerts with its PPS platform.
Sacumen built Splunk TA(Technical Add-On) that retrieves the Splunk’s Alerts data and feed into the PulseSecure PPS (Pulse Policy Secure) platform.
The Add-on was developed in Python using Alert Action Handler
Add-On has configuration parameters defined on the Alerts screen such as PulseSecure’s REST API URL, API Token, and other required configuration parameters
Splunk Alert Trigger passes the Alerts data to the Alert action defined in Add-on, on match of search query output defined as part of Alerts configuration
Alert Action handler parses the Alerts data, retrieves the Alerts events record (based on CIM fields filter only).
The Add-on supports Splunk version 7.x a
Add-on supported Retry mechanism
Add-on supported CIM 4.x