Detection Backfill (Rerun and Healthcheck)

This TA can be used to fill in detection gaps following a period of data collection interruption. Once data are recovered in Splunk, this application can be used to restart scheduled searches during this outage. You can automatically create your list of backfills using a dedicated dashboard based on an outage period and a regexp on savedsearches that need to be rerun. You can manage the backlog of all your rescheduled searches (backfills are run periodically to avoid performance issues over the platform) You can monitor the reruns based on the internal logs and a full details of logging provided in the python scripts

Built by Alexandre Demeyer

Latest Version 1.5.3

February 18, 2025

Release notes

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0

CIM Version: 6.x, 5.x, 4.x, 3.x

Rating

0

(0)

Log in to rate this app

Support

Developer Supported app

Learn more

Ranking

#38

in SIEM

This TA can be used to fill in detection gaps following a period of data collection interruption. Once data are recovered in Splunk, this application can be used to restart scheduled searches during this outage. You can automatically create your list of backfills using a dedicated dashboard based on an outage period and a regexp on savedsearches that need to be rerun. You can manage the backlog of all your rescheduled searches (backfills are run periodically to avoid performance issues over the platform) You can monitor the reruns based on the internal logs and a full details of logging provided in the python scripts