OTHER SIEM INTEGRATION CASE STUDIES
Pulse Secure integration (Add-on) with SplunkIntegration with LogRhythm
Secure Access Platform integration(Add-on and App ) with Splunk
CASB Platform integration (Add-on and App ) with Splunk
DNS Platform integration (App ) with Splunk
Business Risk Intelligence Platform integration ( Add-on) with Splunk
Infrastructure Monitoring Platform integration ( Add-on) with Splunk
Customer is a leading SIEM solution provider.
They provide a platform for companies to aggregate and act upon Threat Intelligence.
Customer requested to build a Connector app to integrate their platform with Salesforce Event Monitoring to collect events and perform orchestration action to create case based on security alert.
Sacumen developed the Connector app to integrate Salesforce using java, and Apache REST. The Connector app performs the following actions:
Set up the prerequisites
Setup Salesforce Developer login
Or Connect App credential
Authenticate using API (REST) with OAuth 2.0, the access token is a session ID and can be used directly.
Collect the events
Collect event based on filter like event type, event creation date
Calculates estimated EPS.
Calculates bandwidth consumption.
Calculates the error rate.
If EPS goes beyond the limit, then throttle the extra events to maintain the performance of the app.
Perform orchestration action like create cases in Salesforce.
There are no reviews yet.