Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How can I write my own adaptive response action?

smoir_splunk
Splunk Employee
Splunk Employee
‎10-28-2016 04:35 PM

I want to build an adaptive response action to push malware signatures from Enterprise Security into my own application and return data about them to ES using a REST API. What is the best way to get started? Are there any examples?

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rpille_splunk
Splunk Employee
Splunk Employee
‎10-28-2016 04:42 PM

Yes, we have documentation and examples that walk through building a custom adaptive response action.

Follow this documentation for step-by-step instructions: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBF

You'll notice there are two paths available to you:
1. Use Splunk Add-on Builder, which simplifies the process considerably. See this example: http://dev.splunk.com/view/addon-builder/SP-CAAAFBQ
2. Create the action manually. See this example: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBH

If you want to use Splunk Add-on Builder, download it here: https://splunkbase.splunk.com/app/2962/

View solution in original post

Reply
Solved! Jump to solution
Solution

rpille_splunk
Splunk Employee
Splunk Employee
‎10-28-2016 04:42 PM

Yes, we have documentation and examples that walk through building a custom adaptive response action.

Follow this documentation for step-by-step instructions: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBF

You'll notice there are two paths available to you:
1. Use Splunk Add-on Builder, which simplifies the process considerably. See this example: http://dev.splunk.com/view/addon-builder/SP-CAAAFBQ
2. Create the action manually. See this example: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBH

If you want to use Splunk Add-on Builder, download it here: https://splunkbase.splunk.com/app/2962/

Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...