The OT-BASE Technical Add-on (TA) for Splunk allows Splunk users to process asset and vulnerability data from OT-BASE in Splunk. The most prominent use cases are:
- Data enrichment for threat hunting: Rather than only an IP address, see the full context of devices that may be associated with cyber security threats
- Vulnerability analysis: Use the tools available in Splunk Enterprise Security to analyse IT and OT vulnerabilities in a single pane of glass
- Asset analytics: Use Splunk's flexible query language to search for and to break down asset characteristics.
The OT-BASE TA is compliant with the Splunk Common Information Model (CIM) for assets and vulnerabilities and hence integrates well with Splunk Enterprise Security.
Technically, the OT-BASE TA consists of the following:
- Two modular inputs (one for asset information, the other for known vulnerabilities) that pull data from OT-BASE Asset Center using the REST API,
- dashboards to execute basic searches "out of the box",
- saved searches to generate lookup tables for Splunk Enterprise Security.
The OT-BASE TA is not published on Splunkbase and can only be obtained directly from Langner.