The Symantec Technology Add-on for Splunk (TA) maps and extracts various attributes of ICDx event types, including mappings to Common Information Model (CIM) data models. These extractions populate the dashboard panels in the SOC View App.
The Symantec SOC View App for Splunk gives Security Operations Analysts a cohesive view of the security posture of their network. This app provides business intelligence into the Symantec Integrated Cyber Defense Exchange (ICDx) data, which is a combination of multiple Symantec products deployed in your network. Note: The Symantec SOC View App for Splunk requires installation of the Symantec SOC View TA for Splunk.
The SOC View App and TA are supported on the following versions of Splunk:
7.0.x
7.1.x
7.2.1
The SOC View App and TA are supported on the following versions of the Symantec ICDx product:
1.1.0 and later