WithSecure Elements Add-on

Collects EPP Security Events and EDR Broad Context Detections from WithSecure Elements via OAuth2-authenticated API, with CIM-compliant field extractions for endpoint, malware, intrusion detection, and process data.

Built by Flo Flo
Latest Version 1.0.4
June 19, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.4, 10.3, 10.2, 10.1, 10.0, 9.4, 9.3, 9.2, 9.1, 9.0
CIM Version: 8.x, 6.x, 5.x, 4.x
Support
Developer Supported addon
The WithSecure Elements Add-on collects endpoint protection and detection data from the WithSecure Elements API. It ingests EPP Security Events and EDR Broad Context Detections through OAuth2-authenticated modular inputs, enabling centralized security event analysis in Splunk. The add-on maps collected events to CIM endpoint, malware, intrusion detection, and process tags, facilitating correlation with other security data sources.

Two modular inputs handle data collection: withsecure_epp_input retrieves endpoint protection events, while withsecure_bcd_input collects EDR broad context detection incidents. Events are indexed under the source types withsecure:epp:security_event, withsecure:epp:bcd_incident, and withsecure:epp:bcd_detection.

The add-on also includes a custom search command for retrieving specific detection details and provides a workflow action to fetch incident detections directly from the Splunk interface.

Categories

Security, Fraud & Compliance, SIEM

Created By

Flo Flo

Type

addon

Downloads

10
