I have just published a Splunk application for ActiveTrust Cloud.
This application allows you to:
- get ActiveTrust Cloud logs into Splunk using the REST API introduced with ATC 2.0
- filter them efficiently, with full drill-down support based on time, threat property, threat class, source IP, domain name, query type and much more
- get context from Infoblox Dossier threat intelligence
Mandatory: ActiveTrust Cloud
Optional: Dossier for threat intelligence
https://splunkbase.splunk.com/app/3850/
Some screenshots:
Any feedback welcome.
Regards,
Nicolas