Splunk application for ActiveTrust Cloud
I have just published a Splunk application for ActiveTrust Cloud.
This application allows you to:
- get ActiveTrust Cloud logs into Splunk using the REST API introduced with ATC 2.0
- filter them efficiently, with full drill-down support based on time, threat property, threat class, source IP, domain name, query type and much more
- get context from Infoblox Dossier threat intelligence.
Requires ActiveTrust Cloud.
Optionally requires Dossier for threat intelligence.
Any feedback welcome.