Splunk Enterprise Security

How can I write my own adaptive response action?

smoir_splunk
Splunk Employee
Splunk Employee

I want to build an adaptive response action to push malware signatures from Enterprise Security into my own application and return data about them to ES using a REST API. What is the best way to get started? Are there any examples?

0 Karma
1 Solution

rpille_splunk
Splunk Employee
Splunk Employee

Yes, we have documentation and examples that walk through building a custom adaptive response action.

Follow this documentation for step-by-step instructions: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBF

You'll notice there are two paths available to you:
1. Use Splunk Add-on Builder, which simplifies the process considerably. See this example: http://dev.splunk.com/view/addon-builder/SP-CAAAFBQ
2. Create the action manually. See this example: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBH

If you want to use Splunk Add-on Builder, download it here: https://splunkbase.splunk.com/app/2962/

View solution in original post

rpille_splunk
Splunk Employee
Splunk Employee

Yes, we have documentation and examples that walk through building a custom adaptive response action.

Follow this documentation for step-by-step instructions: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBF

You'll notice there are two paths available to you:
1. Use Splunk Add-on Builder, which simplifies the process considerably. See this example: http://dev.splunk.com/view/addon-builder/SP-CAAAFBQ
2. Create the action manually. See this example: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBH

If you want to use Splunk Add-on Builder, download it here: https://splunkbase.splunk.com/app/2962/

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...