Solved: How can I write my own adaptive response action?

smoir_splunk · ‎10-28-2016

I want to build an adaptive response action to push malware signatures from Enterprise Security into my own application and return data about them to ES using a REST API. What is the best way to get started? Are there any examples?

rpille_splunk · ‎10-28-2016

Yes, we have documentation and examples that walk through building a custom adaptive response action.

Follow this documentation for step-by-step instructions: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBF

You'll notice there are two paths available to you:
1. Use Splunk Add-on Builder, which simplifies the process considerably. See this example: http://dev.splunk.com/view/addon-builder/SP-CAAAFBQ
2. Create the action manually. See this example: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBH

If you want to use Splunk Add-on Builder, download it here: https://splunkbase.splunk.com/app/2962/

View solution in original post

rpille_splunk · ‎10-28-2016

Yes, we have documentation and examples that walk through building a custom adaptive response action.

Follow this documentation for step-by-step instructions: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBF

You'll notice there are two paths available to you:
1. Use Splunk Add-on Builder, which simplifies the process considerably. See this example: http://dev.splunk.com/view/addon-builder/SP-CAAAFBQ
2. Create the action manually. See this example: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBH

If you want to use Splunk Add-on Builder, download it here: https://splunkbase.splunk.com/app/2962/

How can I write my own adaptive response action?

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!