Overview

The OT-BASE Technical Add-on (TA) for Splunk allows Splunk users to process asset and vulnerability data from OT-BASE in Splunk. The most prominent use cases are:

• Data enrichment for threat hunting: Rather than only an IP address, see the full context of devices that may be associated with cyber security threats
• Vulnerability analysis: Use the tools available in Splunk Enterprise Security to analyse IT and OT vulnerabilities in a single pane of glass
• Asset analytics: Use Splunk's flexible query language to search for and to break down asset characteristics.

The OT-BASE TA is compliant with the Splunk Common Information Model (CIM) for assets and vulnerabilities and hence integrates well with Splunk Enterprise Security.

Technically, the OT-BASE TA consists of the following:

• Two modular inputs (one for asset information, the other for known vulnerabilities) that pull data from OT-BASE Asset Center using the REST API,
• dashboards to execute basic searches "out of the box",
• saved searches to generate lookup tables for Splunk Enterprise Security.

The OT-BASE TA is not published on Splunkbase and can only be obtained directly from Langner.