
SecurityScorecard

Splunk AppInspect Passed
SecurityScorecard is a security ratings platform that enables enterprises to instantly rate and understand the security risk of companies, non-intrusively and from an outside-in perspective. We use an A-F rating scale. Companies with a C, D or F rating are 5.4 times more likely to be breached or face compliance penalties than companies with an A or B rating. Our platform is used by hundreds of customers for use-cases including vendor risk management, cyber insurance, board reporting, and M&A. Headquartered in New York City, we are funded by top investors like Sequoia Capital, Google Ventures, NGP, Moody’s, Intel, and others. Our vision is to create a new language for companies and their partners to communicate, understand, and improve each other’s security posture.

What does the SecurityScorecard App for Splunk do?

The SecurityScorecard app for Splunk will offer customers the ability to monitor three components of the SecurityScorecard platform:

  • SecurityScorecard’s overall letter-grade security ratings, which give customers the ability to quickly and easily understand the cybersecurity posture of an organization via an easy-to-understand A-F rating scale
  • SecurityScorecard’s underlying factor data in key risk categories, including Application Security, Malware, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Passwords Exposed. Each of these factors is predictive. For example, companies with a C, D, or F rating in Social Engineering are more than 400% more likely to experience a data breach than those with an A or B rating.
  • SecurityScorecard issue-related data, which offers a breadth and depth of critical data points across 87 different issue types not available from any other security ratings provider.

You can choose to monitor your own scorecard or third party scorecards or both. Once the app is installed, the app will begin pulling scores and issue level event information on a daily basis and logging them to Splunk. You can leverage the power of Splunk to search, visualize and take action on the information that is logged, enabling you to efficiently monitor your own cybersecurity risk as well as the risk posed by your 3rd parties.

What can I do with the SecurityScorecard data?

Once our data begins flowing into your Splunk instance, there are numerous applications you can use it for. Some examples include the ability to merge:

  • SecurityScorecard data with other private and 3rd party threat intelligence data you may be tracking.
  • Internal cybersecurity event and log data with SecurityScorecard ratings and issue level event information (e.g., combine your firewall log data with network security findings from SecurityScorecard).

Additionally, you can:

  • Monitor changes in overall & factor level scores on your own or 3rd party scorecards
  • Monitor new issues being added, removed or resolved on your own or 3rd party scorecards
  • Leverage SecurityScorecard data in existing vendor risk management or other security operations programs being run out of customer SIEM platforms directly
  • Monitor for new threats, adverse score events, self-assessment score etc.

You can also leverage the power of Splunk’s visualization features to create dashboards with SecurityScorecard data included. Attached are some examples of the type of dashboards you can build to monitor for changes in scores and issue level events.

Top 10 Critical Vendor Dashboard

How does the app fetch data and how often does it get new data?

The SecurityScorecard Splunk app leverages the SecurityScorecard API to retrieve scores and issue level findings information, which is why the app requires an API key as part of the setup process. The SecurityScorecard Splunk app gets fresh data every 24 hours.

When the SecurityScorecard Splunk app runs, it will retrieve the following data points:

  • List of companies in any monitored portfolios (if portfolios have been configured)
  • For your own scorecard or third party scorecards:
      • Overall score
      • Factor Level score
      • Changes in the Scorecard Event Log for the day

Please Note: The SecurityScorecard app for Splunk will not currently retrieve all active historical issues on a scorecard and backfill them to Splunk; it will log all score changes and new events on a daily basis going forward.

How do I install the app?

SecurityScorecard’s Splunk app is now available on Splunkbase. Sign into Splunkbase and download the latest version available. Once you have downloaded the package:

To install apps and add-ons from within Splunk Enterprise

  • Log into Splunk Enterprise.
  • On the Apps menu, click Manage Apps.
  • Click Install app from file.
  • In the Upload app window, click Choose File.
  • Locate the .tar.gz file you just downloaded, and then click Open or Choose.
  • Click Upload.
  • Click Restart Splunk, and then confirm that you want to restart.

To install apps and add-ons directly into Splunk Enterprise

  • Put the downloaded file in the $SPLUNK_HOME/etc/apps directory.
  • Untar and ungzip your app or add-on, using a tool like tar -xvf (on *nix) or WinZip (on Windows).
  • Restart Splunk.
  • After you install a Splunk app, you will find it on Splunk Home. If you have questions or need more information, see Manage app and add-on objects.
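
One way to carry out the direct install above with a check on the package first, as an added example that is not part of the app's documentation: it compares the file's SHA256 digest with the checksum published for your download and inspects the archive listing before anything is extracted. The function names are hypothetical, and `sha256sum` and `tar` are assumed to be on the PATH.

```shell
# check_package <package.tgz> <expected_sha256>
# Returns 0 when the digest matches and all members sit under one top-level
# directory; otherwise prints the reason and returns a non-zero code.
check_package() {
    local pkg="$1" expected actual members roots
    [ -f "$pkg" ] || { echo "no such file: $pkg" >&2; return 2; }

    # Compare digests case-insensitively (sha256sum is assumed to be on PATH).
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum "$pkg" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: got $actual" >&2
        return 3
    fi

    # List members without extracting anything.
    members=$(tar -tzf "$pkg") || { echo "not a readable tar.gz" >&2; return 4; }

    # Reject absolute paths and any ".." path component.
    if printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "archive member escapes the target directory" >&2
        return 5
    fi

    # An app package should unpack into exactly one directory under etc/apps.
    roots=$(printf '%s\n' "$members" | sed 's|^\./||' | cut -d/ -f1 |
            sort -u | awk 'NF {n++} END {print n+0}')
    if [ "$roots" -ne 1 ]; then
        echo "expected one top-level directory, found $roots" >&2
        return 6
    fi
}

# install_package <package.tgz> <expected_sha256> <apps_dir>
# Extracts only after check_package succeeds; <apps_dir> would be
# $SPLUNK_HOME/etc/apps for the procedure above.
install_package() {
    check_package "$1" "$2" || return $?
    tar -xzf "$1" -C "$3" --no-same-owner
}
```

The listing check looks only at member names; it does not examine symlink targets inside the archive.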

Once the app is installed, you should see it on the left hand menu under Apps.

SecurityScorecard Splunk app is installed

Are there any prerequisites for installing the app?

Yes, please make sure you have completed the following steps before installing our app:

  • Please make sure you are running Splunk version 7.1
  • Make sure Java is installed, minimum supported version is 1.8.
  • Make sure the Java Virtual Machine is installed, minimum supported version 1.8
      • The Java Virtual Machine is different than the JRE, JDK and OpenJDK.
      • Please make sure you install the Java Virtual Machine
  • Once you have Java and the Java Virtual Machine installed, make sure you set JAVA_HOME to the Contents/Home folder under the install path of the Java Virtual Machine.

Please note: You must have an active SecurityScorecard license & API token in order to set up the app. If you do not have a SecurityScorecard license, you can reach out to us at info@securityscorecard.io

Is your app Splunk certified?

SecurityScorecard Splunk app Certified

Yes, our app has passed Splunk’s App inspect process. Going forward, we will ensure future versions of our app pass the app inspect process before being made available to customers.

How do I configure the app?

Once you have the app installed, go to Settings -> Data Inputs. Under Data Inputs you should see an entry for SecurityScorecard. Click the link and create a new data input.

SecurityScorecard Data Input

You will be prompted to answer several questions regarding the type of data you want to log to your Splunk instance. We have given you the maximum flexibility when it comes to logging data: you can choose the level of data you want to log about your own scorecard or that of third party companies.

Here is a breakdown of the choices you will need to make:

  • Domain Name: If you want to monitor your own scorecard, you will need to provide the domain of your own scorecard.
  • API Token: Please enter your SecurityScorecard API token (example value: Token 33EqgUGLTv69AV3S528hLiNYxCTK -- please note that the word ‘Token’ is required). If you do not already have a token, you can create one by going to the API Access area in your Settings page and then clicking Generate New Token. Please note tokens do not expire and you can re-use them over and over again. If you have a token and generate another one, the first token will no longer be valid and cannot be used for API calls.
  • The SecurityScorecardURL: Please set this to https://api.securityscorecard.io/
  • PortfolioIds: If you want to monitor third party companies, enter one or more IDs of SecurityScorecard portfolios that contain the third party companies you wish to monitor (example value: 7ba3fb72e4b07c6277a26d31,8bfc267ce4b024107dcc19db). If you want to monitor all the companies in all your portfolios, you can just enter ‘all’. You can get the portfolio IDs either via an API call or by looking at the browser’s URL bar when you have a specific portfolio loaded.
  • The next three settings allow you to determine the severity used when logging changes in overall scores, factor scores or new issues being detected on a scorecard. You can set these values to be whatever works within your existing workflows or programs.
  • The dateOffSet should be set to 3; this ensures you are pulling a full day's worth of data.
  • The next set of parameters allows you to configure whether the SecurityScorecard app will log changes to Splunk at the overall score level, at the factor score level, and for new issue level findings. This allows you to log only the changes you care about.
  • Finally, you can set whether you want to log to Splunk even when the overall or factor level scores do not change for your own scorecard or third party scorecards. If you are doing trend analysis, it is best to log these no-change score events too, as you will otherwise start seeing gaps in the data.

Does the app work on Splunk universal and/or heavy forwarders?

Unfortunately no, Splunk universal and heavy forwarders do not support apps and only support add-ons. They are designed for data collection.

Does the app work on Splunk Cloud?

Version 1.3 currently supports Splunk Enterprise; we are planning to add support for Splunk Cloud in an upcoming release.

How much data does your app consume?

Here is the amount of data indexed into Splunk for 2 weeks worth of data:

| Companies Monitored | Overall Score Only | Factor Level Score Only | Issue Level Events Only | All Data |
|---|---|---|---|---|
| 1 | 0.002 MB | 0.02 MB | 0.13 MB | 0.16 MB |
| 2 | 0.006 MB | 0.06 MB | 0.29 MB | 0.36 MB |
| 5 | 0.016 MB | 0.16 MB | 0.44 MB | 0.62 MB |
| 10 | 0.034 MB | 0.34 MB | 0.77 MB | 1.14 MB |
| 20 | 0.069 MB | 0.69 MB | 0.99 MB | 1.75 MB |

How do I search for data?

Splunk allows users to search for data by leveraging Search Processing Language (or SPL). If you are not familiar with SPL, please check out the reference guide and other documentation first.

Once the SecurityScorecard app starts logging data to your Splunk instance, you can leverage SPL to query for the data. Below are a couple of examples to help you get started.

Please note that your queries will return the data that is logged within the timeframe specified in the time range picker on the right side of the search box. If you are not seeing the data you are looking for, please double check the time range to make sure it’s set correctly. As a reminder, the SecurityScorecard Splunk app will retrieve new grades and event data based on your settings once every 24 hours.

Example #1: Query for all data logged by SecurityScorecard
To query for all data logged by SecurityScorecard you can simply type in sourcetype=SecurityScorecard into the search bar. This query will return all events logged by the SecurityScorecard app.

Example #2: Query for all data logged by SecurityScorecard at the overall score level
To query for all scores logged at the overall level, enter the following query into the search bar:

    sourcetype=SecurityScorecard cat=Overall

Additionally, if you want to filter to a specific domain, you can do that by adding a domain to the search criteria like this:

    sourcetype=SecurityScorecard cat=Overall domain=securityscorecard.com

Example #3: Query for all data logged by SecurityScorecard at the factor score and issue level
You can query all factor level data by specifying Factor as the category:

    sourcetype=SecurityScorecard cat=Factor

Similarly, you can query for all issue level data by specifying Issue as the category:

    sourcetype=SecurityScorecard cat=Issue

Example #4: Query for all data logged by SecurityScorecard for a specific domain
If you want to filter on a specific company you can do that by specifying the domain in the query sourcetype=SecurityScorecard cat=Overall domain=ibm.com

How do I add a new third party company for monitoring?

If you want to start monitoring a new company after you have already set up the app, you can simply add the third party company to one of the portfolios you included in the app’s configuration. Go to the SecurityScorecard platform, find the portfolio, and add the third party company to it. Data for this company will start getting logged in the next synchronization cycle.

How do I remove an existing third party company from monitoring?

To remove an existing third party company from monitoring, simply remove it from the portfolio in SecurityScorecard. If you want to keep monitoring the company in the SecurityScorecard platform but not in Splunk, add the company to either a new portfolio or in an existing portfolio you did not include in the app’s configuration.

Can I make configuration changes to the app?

Yes, you can. Once saved, the configuration will be used the next time the app runs and gets fresh data.

How do I uninstall the app?

Please see Splunk documentation and recommended steps in Manage app and add-on objects.

How do I get support?

If you have problems with the app, please send an email to support@splunk.com. Splunk will validate whether the issue is with the app or with Splunk. If the issue is with the app please send us an email at support@securityscorecard.io.

Release Notes

Version 1.4.0
April 30, 2019

Changes made in version 1.4:
1. Switched to Python for the implementation
2. Gave users the ability to select the index they want to log the data to
3. Support HTTP Proxies for customer sites that require all API requests go through a proxy.
4. Added Portfolio Name along with Portfolio ID
5. Added SecurityScorecard issue type severity field
6. Improved logging capabilities and gave users the ability to set the level of debugging information entered into logs.

Version 1.3
Jan. 7, 2019

Version 1.3:

Resolves an installation issue for linux based systems including Mac OSX, RedHat Linux, etc.
Resolved issues with 1.2 package that prevented app inspect from passing successfully

Version 1.2
Jan. 4, 2019

Version 1.2 Resolves an installation issue for linux based systems including Mac OSX, RedHat Linux, etc.

Version 1.1
Dec. 13, 2018

Version 1.1 includes fixes for syncing grades and issue level data, as well as cleaning up how we log data to Splunk. Additional fixes for ensuring app inspect passes. Added Readme file as well.

Version 1.0
Nov. 29, 2018

This is the initial version of the app. Version 1.0

36 Installs
238 Downloads

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
