Splunk 4.2.2
  • 02 Apr 2025

Splunk - 4.2.2

tags: Python | SIEM | Log Management | Realtime Data | Realtime Events


Description

The Splunk integration supports CDC users by extracting logs and observables from the Splunk platform, so that CDC users can make informed incident-response decisions.

Splunk searches, analyzes, and visualizes machine-generated data gathered from the websites, applications, sensors, devices, etc. that make up IT infrastructure and business. By consolidating log events and network flow data from thousands of devices, endpoints, and applications distributed throughout your network, Splunk correlates all of this information and aggregates related events into single alerts, to accelerate incident analysis and remediation.

The integration is bi-directional: closing an incident or alert on the CDC triggers closure of the corresponding alert in Splunk. Search and its drill-down options are used to retrieve additional information from Splunk. All information read is passed to the CDC as an alert, stored as raw information and observables.

The integration can ingest alerts through either the asynchronous APIs or the backend APIs supported by the CDC.

Integration Type: SIEM
Information read: Logs from Splunk based on the defined criteria
API Supported: API V8.0.5
Input: N/A
Output: Detailed logs which lead to the creation of alerts and observables on the CDC.

CDC Command Lines

No CDC command lines


Workflows

  • create_alert_from_splunk
    Push Splunk-formatted alerts to the CDC.

  • execute_query
    Execute Splunk queries and set results in Redis.

  • get_splunk_alert_data_from_redis
    Get Splunk alert data from Redis that needs to be injected into the CDC as an alert.

  • inject_splunk_alert_to_cdc
    Inject Splunk alerts into the CDC using the CDC backend or the CDC asyncAPI.


Rules

  • Splunk.cdc_closed_alert_listener_for_splunk
    Close alerts in Splunk.

  • cdc_new_alert_from_splunk
    Triggers the workflow that injects new alerts into the CDC when a new alert is created in Splunk.


Sensors

  • AlertsSensor
    Sensor that pulls alerts from Splunk.

Poll interval - 30s


Triggers

No triggers


Known Issues

