Solved

Splunk / SIEM Integration

  • 13 September 2023
  • 2 replies
  • 63 views


I’d like to use FN APIs to integrate with Splunk and SIEM / Security systems. Has anyone else done this?


Best answer by GTurner 6 October 2023, 21:30


2 replies


Hi Kristopher. We have many customers that have successfully integrated with Splunk. At a very high level, an NQE query is developed to extract the desired data from the Forward Platform. The data is extracted in a structured format and easily ingested into Splunk via a 3rd party Splunk app accessing the data through Splunk forwarders. Before developing the 3rd party app, I suggest creating the query and ingesting through the Splunk Web interface to ensure the proper visualization, indexing, etc. is achieved.

In this example, the customer wants to ensure that best practices for device hardening are followed. We begin by ingesting the NQE output compliant with the best practices, and from this point simple dashboards are created for simple at-a-glance consumption.

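The following is an added example, not GTurner's code and not part of Forward Networks' or Splunk's products. It shows the middle step of the workflow described in the answer: taking the structured rows an NQE query returns, evaluating a few hardening checks on them, and shaping the result either as Splunk HTTP Event Collector (HEC) events or as newline-delimited JSON for a Universal Forwarder to pick up. The NQE rows are constructed sample data; the column names (deviceName, sshVersion, telnetEnabled, ntpServers), the check definitions, the index name `network` and the sourcetype `forward:nqe:hardening` are all assumptions, so substitute the columns your own NQE query selects. The NQE query itself is not shown because its exact syntax depends on your Forward Platform version.

```python
"""Bridge between a Forward Networks NQE result and Splunk.

Added example, not Forward Networks' or Splunk's own code. The NQE rows
below are constructed sample data and the field names are assumed.
"""
import json
import time
from typing import Dict, Iterable, List

# Constructed sample of what a hardening NQE query might return, already in
# the structured (row) form described in the answer above. Field names are
# assumptions, not real NQE column names.
SAMPLE_NQE_ROWS: List[Dict] = [
    {"deviceName": "core-rtr-01", "vendor": "CISCO", "sshVersion": 2,
     "telnetEnabled": False, "ntpServers": ["10.0.0.5", "10.0.0.6"]},
    {"deviceName": "edge-fw-02", "vendor": "PALO_ALTO", "sshVersion": 2,
     "telnetEnabled": False, "ntpServers": []},
    {"deviceName": "lab-sw-07", "vendor": "ARISTA", "sshVersion": 1,
     "telnetEnabled": True, "ntpServers": ["10.0.0.5"]},
]

# Hardening checks applied to each row (assumed examples of "best practice").
# Each entry maps a check name to a predicate returning True when it passes.
HARDENING_CHECKS = {
    "ssh_v2_only": lambda r: r.get("sshVersion") == 2,
    "telnet_disabled": lambda r: r.get("telnetEnabled") is False,
    "ntp_configured": lambda r: len(r.get("ntpServers") or []) > 0,
}


def evaluate(rows: Iterable[Dict]) -> List[Dict]:
    """Annotate each NQE row with the checks it failed and an overall verdict.

    Deciding compliance before ingestion keeps the Splunk side simple: the
    dashboard only counts a 'compliant' boolean and a 'failedChecks' list
    instead of re-implementing the hardening logic in SPL.
    """
    annotated = []
    for row in rows:
        failed = [name for name, check in HARDENING_CHECKS.items() if not check(row)]
        annotated.append({**row, "failedChecks": failed, "compliant": not failed})
    return annotated


def compliance_summary(annotated: List[Dict]) -> Dict[str, int]:
    """Counts for an at-a-glance panel: total, compliant, failures per check."""
    summary = {"total": len(annotated), "compliant": 0}
    for name in HARDENING_CHECKS:
        summary[f"failed_{name}"] = 0
    for row in annotated:
        if row["compliant"]:
            summary["compliant"] += 1
        for name in row["failedChecks"]:
            summary[f"failed_{name}"] += 1
    return summary


def to_hec_events(annotated: List[Dict], index: str,
                  sourcetype: str = "forward:nqe:hardening",
                  source: str = "nqe") -> List[Dict]:
    """Wrap each row in Splunk's HTTP Event Collector envelope.

    The outer keys (time, host, source, sourcetype, index, event) are the HEC
    event format. 'host' is set to the device name so that Splunk's host
    field reflects the network device rather than the machine running this.
    """
    now = int(time.time())
    return [
        {"time": now, "host": row["deviceName"], "source": source,
         "sourcetype": sourcetype, "index": index, "event": row}
        for row in annotated
    ]


def hec_batch_body(events: List[Dict]) -> str:
    """HEC accepts several events per request as concatenated JSON objects."""
    return "".join(json.dumps(e, separators=(",", ":")) for e in events)


def write_ndjson(annotated: List[Dict], path: str) -> int:
    """Forwarder alternative: one JSON object per line in a file that a
    Universal Forwarder monitors with a JSON sourcetype. Returns rows written."""
    with open(path, "w", encoding="utf-8") as fh:
        for row in annotated:
            fh.write(json.dumps(row) + "\n")
    return len(annotated)


if __name__ == "__main__":
    results = evaluate(SAMPLE_NQE_ROWS)
    print(json.dumps(compliance_summary(results), indent=2))
    print(hec_batch_body(to_hec_events(results, index="network")))
```

Running the script prints the summary counts and the HEC batch body; posting that body to `/services/collector/event` on your HEC endpoint, or pointing a forwarder monitor stanza at the file `write_ndjson` produces, are the two ingestion paths. Per-device `compliant` and `failedChecks` fields make the dashboard a matter of counting and grouping rather than parsing.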