OTHER SIEM INTEGRATION CASE STUDIES
Secure Access Platform integration(Add-on and App ) with Splunk
CASB Platform integration (Add-on and App ) with Splunk
DNS Platform integration (App ) with Splunk
Business Risk Intelligence Platform integration ( Add-on) with Splunk
Infrastructure Monitoring Platform integration ( Add-on) with Splunk
Categories
Customer
Customer’s Threat Intelligence platform enriches every stage of your security operations workflow from your trusted and relevant data sources.
Requirement
The Client requested for the integration of their Threat Intelligence platform with the LogRhythm so that their clients can view the Indicators of Compromise (IOC) data in LogRhythm’s console
Technology Solution
Sacumen developed the Powershell based agent app
Powershell Agent used a configuration file in the Agent’s config folder to configure the Client’s URL, API Key and other required configuration parameters.
Powershell Agent made REST calls to Client’s platform to retrieve events data in CSV format.
Powershell Agent parsed the data and write in LEEF format
Events mapping was done against the LogRhythm field and custom events were defined
There are no reviews yet.