
Updated Splunk Integration

Automation, Splunk

Niddel has featured bi-directional integration with Splunk since June of 2015. This integration has been a great benefit to some of our customers, allowing them to leverage their existing investments in two important ways:

  • It streamlines the log collection process by leveraging their existing log centralization and normalization efforts.
  • Niddel-generated alerts can be ingested and processed in Splunk. This allows customers to leverage their existing investment in Splunk skills, correlate easily with other information sources, and orchestrate with other Splunk-integrated technologies.

Based on this success and the lessons learned along the way, we are now proud to announce that we have completely overhauled our Splunk integration. The Niddel Magnet service can now be fully integrated with a Splunk deployment using the following components:
  • The Niddel Magnet Alerts Add-on implements the indexing of communications flagged as suspicious by Niddel Magnet into Splunk events;
  • The Niddel App for Splunk v2 implements dashboards to visualize the events ingested using the add-on, and allows the collection and submission of Splunk log data to the Niddel Magnet cloud engine.

Previously, a single app was used for both roles. The new apps are much better suited to a distributed Splunk installation, where the Niddel Magnet Alerts Add-on would typically be installed on a heavy forwarder and the Niddel App for Splunk v2 on a search head. Customers with simpler environments can still install both apps on a single server, however.

These new apps have been built from the ground up to integrate with the Niddel Magnet service using our new v2 API, which provides a richer data and feature set and a much simpler integration.

Many other improvements were also implemented, including redesigned dashboards and better separation of duties, so that non-Splunk administrators can configure non-critical aspects of the apps.

Finally, both apps are Splunk certified. This means that Splunk has examined them and found them to conform to best practices for Splunk development. Splunk also reviewed the source code for security vulnerabilities, and is willing to attest to the quality and support status of the apps and add-ons it certifies for operation in single-server and/or distributed Splunk deployments.

The certification included the attestation that the apps are eligible for installation in Splunk Cloud environments, as per the Splunk Cloud app requirements and best practices.

We strongly recommend that any existing customers using our legacy Splunk integration migrate to the new apps. Please check our knowledge base section on the new Splunk integration (valid Niddel login required) for more details on how to migrate.
