The Nucleus User Logs Technology Add-on (TA-nucleus-logs) enables seamless ingestion of audit logs from the Nucleus Security platform into Splunk Enterprise.
Problem Addressed:
Organizations using Nucleus Security need to aggregate and analyze user activity, authentication events, and role modifications for security monitoring, compliance auditing, and incident response. Without this integration, security teams must manually access the Nucleus platform to review audit logs, making it difficult to correlate Nucleus user activity with other security events across their environment.
Solution Provided:
+ Automated Data Collection: Continuously polls the Nucleus Security REST API (/nucleus/api/logs endpoint) to retrieve audit logs at configurable intervals
+ Intelligent Deduplication: Uses checkpoint-based tracking with SHA1 hashing to prevent duplicate events while ensuring no data loss
+ Pre-configured Field Extractions: Automatically extracts key fields from audit logs including usernames, actions (login, logout, role modifications), outcomes, browser information, and organizational IDs
+ CIM Compatibility: Normalizes data with consistent field naming (nucleus.user, nucleus.action, nucleus.outcome) to facilitate integration with Splunk Enterprise Security and other analytics apps
+ Flexible Deployment: Supports multiple Nucleus instances through separate input configurations
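The collection and deduplication described above, shown as an added worked example: this is illustration code written for this listing, not the add-on's own implementation. It assumes the poll of /nucleus/api/logs has already been made and simulates two overlapping polls with constructed records; the raw field names (timestamp, user, action, outcome, browser, org_id), the checkpoint file layout, and the nucleus.browser and nucleus.org_id output names are assumptions, while nucleus.user, nucleus.action and nucleus.outcome are the names the listing gives.

```python
import hashlib
import json
import os
import tempfile

# Constructed sample records, shaped roughly like what a poll of
# /nucleus/api/logs might return. The field names below are assumptions made
# for this example, not the real Nucleus API schema.
POLL_1 = [
    {"timestamp": "2024-05-01T10:00:00Z", "user": "alice", "action": "login",
     "outcome": "success", "browser": "Firefox 125", "org_id": 7},
    {"timestamp": "2024-05-01T10:05:00Z", "user": "bob", "action": "login",
     "outcome": "failure", "browser": "Chrome 124", "org_id": 7},
]
POLL_2 = [
    # Same event as the last one in POLL_1, with keys in a different order:
    # polling windows overlap at the boundary, so the API returns it again.
    {"org_id": 7, "browser": "Chrome 124", "outcome": "failure",
     "action": "login", "user": "bob", "timestamp": "2024-05-01T10:05:00Z"},
    {"timestamp": "2024-05-01T10:07:00Z", "user": "bob", "action": "role_modified",
     "outcome": "success", "browser": "Chrome 124", "org_id": 7},
]


def fingerprint(record):
    """SHA1 over a canonical JSON encoding, so key order and whitespace
    differences between two polls do not defeat deduplication."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha1(canonical.encode("utf-8")).hexdigest()


class Checkpoint:
    """Watermark timestamp plus the fingerprints of events at that watermark.

    The next poll starts at the watermark, so only events with that timestamp
    can be handed back again; fingerprints of older events are pruned.
    """

    def __init__(self, last_ts="", seen=None):
        self.last_ts = last_ts
        self.seen = dict(seen or {})  # fingerprint -> timestamp

    @classmethod
    def load(cls, path):
        if not os.path.exists(path):
            return cls()  # first run: nothing ingested yet
        with open(path) as fh:
            data = json.load(fh)
        return cls(data["last_ts"], data["seen"])

    def save(self, path):
        with open(path, "w") as fh:
            json.dump({"last_ts": self.last_ts, "seen": self.seen}, fh)


def dedupe(records, checkpoint):
    """Return only records not yet ingested and advance the checkpoint."""
    new_events = []
    for rec in records:
        fp = fingerprint(rec)
        if fp in checkpoint.seen:
            continue  # already ingested on an earlier poll
        checkpoint.seen[fp] = rec["timestamp"]
        new_events.append(rec)
    if checkpoint.seen:
        # ISO-8601 UTC strings sort chronologically, so max() is the newest.
        checkpoint.last_ts = max(checkpoint.seen.values())
        checkpoint.seen = {fp: ts for fp, ts in checkpoint.seen.items()
                           if ts >= checkpoint.last_ts}
    return new_events


def normalize(record):
    """Map a raw record onto nucleus.* field names. nucleus.user/action/outcome
    come from the listing; nucleus.browser and nucleus.org_id are assumed names
    for the browser and organisational-ID fields it mentions."""
    return {
        "_time": record["timestamp"],
        "nucleus.user": record["user"],
        "nucleus.action": record["action"],
        "nucleus.outcome": record["outcome"],
        "nucleus.browser": record["browser"],
        "nucleus.org_id": record["org_id"],
    }


def run_poll(records, checkpoint_path):
    """One collection cycle: load checkpoint, drop duplicates, normalize,
    and persist the checkpoint only once the events are ready to emit."""
    cp = Checkpoint.load(checkpoint_path)
    events = [normalize(r) for r in dedupe(records, cp)]
    cp.save(checkpoint_path)
    return events


def demo():
    """Run the two overlapping polls against a fresh checkpoint file and
    return how many events each poll emitted."""
    path = os.path.join(tempfile.mkdtemp(), "nucleus_checkpoint.json")
    first = run_poll(POLL_1, path)
    second = run_poll(POLL_2, path)
    return len(first), len(second)


if __name__ == "__main__":
    print(demo())  # (2, 1): the repeated login is dropped on the second poll
```

Two design points worth noting. The hash is a fingerprint, not a security control: canonical JSON is what makes it stable across polls, and SHA1 is adequate because the only question is whether this exact record was already seen. Pruning the checkpoint to events at the watermark keeps it small, but an event that arrives late with a timestamp older than the watermark is ingested (its fingerprint is unknown) and then forgotten, so it would be ingested again if the API returned it a second time; an add-on that cannot rely on the API honouring a start timestamp should instead retain fingerprints for a bounded time window.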
Use Cases:
+ Security monitoring and threat detection (failed logins, unusual access patterns)
+ Compliance reporting (user access auditing, privileged user tracking)
+ Incident investigation (correlating Nucleus user activity with security events)
+ User behavior analytics across hybrid environments
Categories
Information, SIEM