The Nozomi Networks Add-on for Splunk connects to your instances of the Nozomi Networks Guardian™ or Central Management Console.
Nozomi Networks Guardian™ unlocks visibility across converted OT and IoT networks for accelerated security and digital transformation. Its physical and virtual appliances monitor network communications and device behavior, delivering immediate awareness of your OT/IoT networks and their activity patterns. You see the highest priority vulnerabilities as well as threats and anomalous behavior, enabling you to respond faster, ensuring high reliability and security.
Guardian combines asset discovery and network visualization, vulnerability assessment and risk monitoring, and real-time anomaly and threat detection to accelerate and simplify response to operational anomalies and attacks.
This add-on enables you to integrate Nozomi Networks data into your Splunk instance to add context and enrich data correlation. You can map a range of inputs from Nozomi Networks into your Splunk data model, including:
• Variables
• Alerts
• Sessions
• Health Logs
• Links
• Assets
  • Default asset information mapping from Nozomi Networks includes asset_id, asset-type, asset_vendor, asset_version, ip, mac, os, serial number, vendor_product, and zone. You can map additional fields as needed.
Installation instructions are outlined in the accompanying video media for the Nozomi Networks Add-on for Splunk.
Upgraded the app to be Python 3 compatible.
Deprecated the input type nozomi:asset and created two new input types, nozomi:nodes and nozomi:nn_assets.
Added new CIM mappings for nozomi:nn_assets.