Capabilities:
* Downloads a flat file (CSV/JSON/XML) from https://www.microsoft.com/en-us/download/details.aspx?id=*
* Breaks it into individual events and indexes them in JSON format.
Usage:
A SOC can use this to check whether an IP address originates from one of the public IP addresses published by Microsoft.
Inputs can be added or modified from the Inputs page in the UI or through inputs.conf.
Example inputs:
[microsoft_public_ip://ServiceTags_US_government]
download_url_id = 57063
file_format = json
index = microsoft
interval = 86400
url_region = in
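The lookup this data supports, as an added Python example (not the add-on's own code): it splits a feed into one record per service tag and reports which tags contain a given IP. The sample feed is constructed and assumes the "values" / "properties" / "addressPrefixes" layout of Microsoft's Service Tags JSON download; the tag names and the function names split_events and match_ip are hypothetical.

```python
import ipaddress
import json

# Constructed sample in the layout of Microsoft's Service Tags JSON download
# (assumption: the feed uses "values" -> "properties" -> "addressPrefixes").
# Prefixes are documentation ranges, not real Microsoft addresses.
SAMPLE_FEED = json.dumps({
    "changeNumber": 1,
    "cloud": "AzureGovernment",
    "values": [
        {"name": "ExampleService.RegionA", "id": "ExampleService.RegionA",
         "properties": {"region": "regiona", "systemService": "ExampleService",
                        "addressPrefixes": ["192.0.2.0/25", "2001:db8:1::/48"]}},
        {"name": "OtherService", "id": "OtherService",
         "properties": {"region": "", "systemService": "OtherService",
                        "addressPrefixes": ["198.51.100.0/24", "not-a-cidr"]}},
    ],
})


def split_events(feed_text):
    """Break the flat file into one record per service tag."""
    feed = json.loads(feed_text)
    for entry in feed.get("values", []):
        props = entry.get("properties", {})
        nets = []
        for prefix in props.get("addressPrefixes", []):
            try:
                nets.append(ipaddress.ip_network(prefix, strict=False))
            except ValueError:
                continue  # skip malformed prefixes instead of failing the feed
        yield {"name": entry.get("name"), "region": props.get("region"),
               "change": feed.get("changeNumber"), "networks": nets}


def match_ip(ip_text, events):
    """Return the names of service tags whose prefixes contain ip_text."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return []  # not an IP address, nothing to match
    return [e["name"] for e in events
            if any(ip.version == n.version and ip in n for n in e["networks"])]


EVENTS = list(split_events(SAMPLE_FEED))
```

An empty result means the address is not in the loaded feed, which covers only the cloud and region of the configured download.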
* Added health checks of feed, including a dashboard.
* Added XML parsing support
* Added alerts to identify exceptions [Exception on finding deep_link | 404] [Proxy error with Microsoft inputs]
* Added inputs template for easier use of data feeds
* Minor changes to pass Upgrade Readiness App test for V9