CCX Extensions for Nozomi Networks

About Us: CyberCX is Australia’s greatest force of cyber security experts. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk. Description: The CCX Add-on for Nozomi Networks looks to provide additional field extraction and CIM compliance for Nozomi Networks log sources captured via the Add-on Nozomi Networks Sensor Add-on. This Technical Add-on does not replace the public Splunk Add-on for Nozomi Networks Sensor Add-on (https://splunkbase.splunk.com/app/5316) but works as an additional extension to be deployed on Search Heads (only). Currently, this add-on provides additional extraction and CIM compliance support for the following sourcetypes: - nozomi:captured_urls - nozomi:link - nozomi:session - nozomi:link_events - nozomi:node - nozomi:alert - nozomi:variable - nozomi:nn_asset - nozomi:health Fully compatible with Splunk Enterprise and Splunk Cloud, built by an Ops team for Ops teams. Features: - This TA currently supports logtypes tagged under the following CIM datamodels: Alerts, Intrusion Detection (IDS), Malware, Network Traffic, Network Session, Inventory, Endpoint, Performance, and Web.