
Customer

Customer is a leading provider of secure access solutions to both enterprises and service providers.

Requirement

Customer requested the development of a Splunk Add-on to integrate Splunk Alerts with its PPS platform.


Technology Solution

Sacumen built a Splunk TA (Technical Add-On) that retrieves Splunk's Alerts data and feeds it into the PulseSecure PPS (Pulse Policy Secure) platform.

The Add-on was developed in Python using an Alert Action Handler.

The Add-on has configuration parameters defined on the Alerts screen, such as PulseSecure's REST API URL, the API Token, and other required configuration parameters.

When the output of the search query defined in the Alerts configuration matches, the Splunk Alert Trigger passes the Alerts data to the Alert Action defined in the Add-on.

The Alert Action Handler parses the Alerts data and retrieves the Alerts event records (based on a CIM fields filter only).

The Add-on supports Splunk version 7.x a

The Add-on supported a retry mechanism.

The Add-on supported CIM 4.x.
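
The flow described above (alert payload in, CIM-filtered events out to a REST API, with retry) can be sketched as follows. This is an added example, not Sacumen's or Pulse Secure's code: the configuration keys `api_url` and `api_token`, the CIM field list and the bearer-token header are assumptions, and only the `--execute` invocation with a JSON payload on stdin carrying `configuration` and `results_file` is standard Splunk alert-action behaviour.

```python
import csv, gzip, json, sys, time
import urllib.request

# Assumed subset of CIM field names to forward; the page does not list them.
CIM_FIELDS = ("src", "dest", "user", "signature", "severity")

def filter_cim(event, fields=CIM_FIELDS):
    """Keep only the non-empty CIM fields of one result row."""
    return {k: event[k] for k in fields if event.get(k)}

def read_results(path):
    """Splunk hands the alert action a gzip-compressed CSV of search results."""
    with gzip.open(path, "rt", newline="") as fh:
        return [filter_cim(row) for row in csv.DictReader(fh)]

def post_json(url, token, body, timeout=10):
    """POST one event; the Authorization header format is an assumption."""
    if not url.startswith("https://"):
        raise ValueError("refusing to send the API token over a non-TLS URL")
    req = urllib.request.Request(url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": "Bearer " + token})
    with urllib.request.urlopen(req, timeout=timeout) as resp:  # certificate checked by default
        return resp.status

def send_with_retry(send, body, attempts=3, backoff=1.0, sleep=time.sleep):
    """Call send(body) until it succeeds, waiting backoff * 2**n between failures."""
    for n in range(attempts):
        try:
            return send(body)
        except OSError:  # urllib.error.URLError and timeouts subclass OSError
            if n == attempts - 1:
                raise
            sleep(backoff * 2 ** n)

def handle(payload, send=None):
    """Process one alert payload and return the number of events forwarded."""
    cfg = payload["configuration"]
    if send is None:
        send = lambda body: post_json(cfg["api_url"], cfg["api_token"], body)
    events = [e for e in read_results(payload["results_file"]) if e]
    for event in events:
        send_with_retry(send, event)
    return len(events)

if __name__ == "__main__" and sys.argv[1:2] == ["--execute"]:
    handle(json.load(sys.stdin))
```

Alert action parameters are kept in Splunk's configuration files, so an add-on of this kind would normally hold the token in Splunk's credential store rather than in a plain parameter.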
