CCX Tenable Products Extensions (Tenable OT and WAS)

About Us: CyberCX is Australia’s greatest force of cyber security experts. Our highly skilled professional services team operates a 24x7 on-shore security operations centre (SOC) servicing corporate and public sector organisations across Australia and New Zealand, specialising in Security Operations services leveraging Splunk.

Description: The CCX Add-on for Tenable Products looks to provide additional field extraction and CIM compliance for Tenable log sources captured via "Tenable Add-On for Splunk" and "Tenable WAS Add-On for Splunk". This Technical Add-on does not replace the public Splunk Add-on for Tenable (https://splunkbase.splunk.com/app/4060) or Tenable WAS Add-On for Splunk (https://splunkbase.splunk.com/app/6884) but works as an additional extension to be deployed on Search Heads (only).

Currently this add-on provides additional extraction and CIM compliance for sourcetypes:
- "tenable:ot:alerts" (Tenable.ot)
- "tenable:io:vuln:was" (Tenable WAS)

Fully compatible with Splunk Enterprise and Splunk Cloud, built by an Ops team for Ops teams.

Features:
- This TA currently supports logtypes tagged under the following CIM datamodels: Alerts, Authentication, Change, Data Access, Intrusion Detection (IDS), Malware, Network Traffic, and Vulnerability.

Compatibility
Not Available
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0
CIM Version: 5.x
Rating

0

(0)

Categories

Created By

Henrique Linsmeyer

Type

addon

Downloads

189

Resources
