CSNF Splunk TA

Summary: Use the Splunk Add-on for CSNF to ingest security events normalized to the Cloud Security Notification Framework (CSNF). The Splunk CSNF Add-on offers support for multiple Cloud providers and integrates with your existing Splunk security landing zone to deliver powerful security searches, dashboards and analytics, allowing you to secure your multi-Cloud security practice in minutes. Features: Mappings for AWS GuardDuty, Microsoft Security Center and Oracle Cloudguard security events. GCP SCC event integration is coming soon. With a single click, implement multi-cloud security searches into Splunk Enterprise or Enterprise Security Filter to identify all security types by threat categories, keywords, sourcetypes, or kill chain phases CSNF advanced data model management to simplify administration

Built by Peter Campbell

Latest Version 1.1.0

June 12, 2024

Release notes

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0

CIM Version: 5.x, 4.x, 3.x

Rating

0

(0)

Log in to rate this app

Support

Developer Supported addon

Learn more

Summary: Use the Splunk Add-on for CSNF to ingest security events normalized to the Cloud Security Notification Framework (CSNF). The Splunk CSNF Add-on offers support for multiple Cloud providers and integrates with your existing Splunk security landing zone to deliver powerful security searches, dashboards and analytics, allowing you to secure your multi-Cloud security practice in minutes. Features: Mappings for AWS GuardDuty, Microsoft Security Center and Oracle Cloudguard security events. GCP SCC event integration is coming soon. With a single click, implement multi-cloud security searches into Splunk Enterprise or Enterprise Security Filter to identify all security types by threat categories, keywords, sourcetypes, or kill chain phases CSNF advanced data model management to simplify administration