Customer
Customer delivers converged intelligence and risk solutions to private and public sector organizations worldwide.
It provides meaningful intelligence to assist organizations in combating threats and adversaries.
Requirement
Customer requested the development of a Certified Splunk Add-on to integrate its platform with Splunk.
Technology Solution
Sacumen developed the Certified Splunk Add-on that performs the following:
Captures, indexes, and correlates in real time technical data within Splunk’s searchable repository.
Enables users to generate reports and visualizations, including graphs, alerts, and dashboards.
Collects integrated data using a REST-based API.
Includes IOCs such as hashes, URLs, and domains, as well as details related to malware families, mapping to the MITRE ATT&CK framework.
The Add-on was built using Splunk Add-on Builder, with a modular input written in Python.
The Add-on supports Splunk version 7.x.
The Add-on supported a retry mechanism, setting the logging level, and proxy support.
The Add-on supported CIM 4.x.