Add data export to Splunk Integration
Hi
D42 currently has a Splunk integration to send audit log data to Splunk.
I would like to see this integration expanded to also send D42 data (e.g. asset or ADM data).
The reason for this is if you're using Splunk for SIEM (either just using Core or Enterprise Security), a core required data set is information about your assets, so if you're sending your audit data to Splunk there is a good chance you also need the discovered data.
I would like to see either an option to choose to send a table(s) to Splunk on a schedule or an option on the DOQL queries to send the JSON output to Splunk on a schedule. Both these options can use the existing Splunk HEC configuration in D42.
Thanks
Andy
-
Hey Andy,
We are going to look into this request for you and will get back to you once we review in the coming weeks. I am also reaching out via email to see if we can get a call set up with you and our PM who handles integrations so that we can dive in a bit further with you and your team. Please let us know if you have any other questions or requests in the meantime.
Thanks,
Matthew Besfer
matt.besfer@device42.com
D42 Product Management