One of the best things about Splunk is the passionate user community. As a group, the community writes amazing Splunk searches, crafts beautiful dashboards, answers thousands of questions, and shares apps and add-ons with the world. Building high quality add-ons is perhaps one of the more daunting ways to contribute. Since the recently-updated Splunk Add-On Builder 2.0 was released, however, it’s never been easier to build, test, validate and package add-ons for sharing on SplunkBase.

Technical Add-Ons, aka TAs, are specialized Splunk apps that make it easy for Splunk to ingest data, extract and calculate field values, and normalize field names against the Common Information Model (CIM). Since the release of version 6.3, Splunk Enterprise also supports TAs for custom alert actions. This allows users to take actions on Splunk alert search results by integrating with nearly any type of open system. While I am no developer, I have tinkered with scripted alert actions in the past. Scripted alert actions existed before custom alert actions, but were more difficult to share and implement. When I saw that a new version of the Splunk Add-On Builder had been released, and that it not only supported custom alert actions but also Enterprise Security Adaptive Response Framework (ARF) actions, I had to give it a try. In particular, I wanted to see if I could turn my scripted alert action that tags systems in McAfee ePolicy Orchestrator (ePO) into a custom alert action and ARF action.

I downloaded and installed the Splunk Add-On Builder 2.0 to my home Splunk Enterprise 6.5 server. I went into the app and clicked “Create an add-on.” I then clicked the button to create a custom alert action. Most of the other great features of this tool around data ingestion, extraction and normalization weren’t relevant. I was quickly dropped into a very handy wizard that walks you through the entire process needed to make custom alert actions.
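To show what sits behind the wizard, here is an added example (not the post’s code and not the Add-On Builder’s generated skeleton) of the script a custom alert action like the ePO tagging one runs: Splunk invokes it with `--execute` and writes one JSON payload to stdin, whose `result` key holds the matched event and whose `configuration` key holds the action’s parameters. The `dest` field, the `epo_tag` parameter and the `tag_host` callable standing in for the ePO API call are assumptions, and the payload is a constructed sample.

```python
import json
import sys

# Constructed sample of the payload Splunk passes on stdin (assumed field values).
SAMPLE_PAYLOAD = json.dumps({
    "search_name": "ePO tag test", "sid": "scheduler__example", "app": "search",
    "owner": "admin", "server_uri": "https://127.0.0.1:8089",
    "result": {"dest": ["host-b", "host-a", "host-a"], "_time": "1480000000"},
    "configuration": {"epo_tag": "quarantine"},
})


def parse_payload(raw):
    """Validate the JSON payload before acting on anything in it."""
    payload = json.loads(raw)
    for key in ("search_name", "sid", "result", "configuration"):
        if key not in payload:
            raise ValueError("payload missing required key: %s" % key)
    return payload


def hosts_to_tag(payload, host_field="dest"):
    """Return the de-duplicated host names from the matched event."""
    value = payload["result"].get(host_field)
    if not value:
        return []
    # Accept either a single string or a list, so a multivalue field tags each host once.
    values = value if isinstance(value, list) else [value]
    return sorted({v.strip() for v in values if isinstance(v, str) and v.strip()})


def run_action(raw, tag_host):
    """Apply the configured tag to every host; tag_host(host, tag) is the
    hypothetical ePO call. Returns the list of hosts that were tagged."""
    payload = parse_payload(raw)
    tag = payload["configuration"].get("epo_tag", "")
    if not tag:
        raise ValueError("alert action parameter 'epo_tag' is required")
    hosts = hosts_to_tag(payload)
    for host in hosts:
        tag_host(host, tag)
    return hosts


if __name__ == "__main__":
    if len(sys.argv) < 2 or sys.argv[1] != "--execute":
        sys.stderr.write("FATAL Unsupported execution mode (expected --execute)\n")
        sys.exit(1)
    # Messages on stderr end up in splunkd.log, which is where you check the action ran.
    done = run_action(sys.stdin.read(), lambda h, t: sys.stderr.write("INFO tagged %s with %s\n" % (h, t)))
    sys.stderr.write("INFO tagged %d host(s)\n" % len(done))
```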