The SafeBreach Add-on for Splunk allows users to collect data from the SafeBreach platform, either via API or via the Syslog CEF outbound integration. The add-on collects simulation results and audit logs, then transforms and saves the data in CIM-compatible fields. The saved data can be consumed by running searches and creating manual correlations for the simulation results, or by using the SafeBreach App for Splunk Enterprise, which provides dashboards for visual representation of the data. In addition, SafeBreach Insights can be fetched via API for later visualization of the security gaps discovered by SafeBreach simulations, as well as for generating a Notable event per SafeBreach Insight that can be consumed in the Splunk ES application.