The OTbase Technical Add-on (TA) for Splunk allows Splunk users to process asset and vulnerability data from OTbase in Splunk. The most prominent use cases are:
- Data enrichment for threat hunting: Rather than only an IP address, see the full context of devices that may be associated with cyber security threats
- Vulnerability analysis: Use the tools available in Splunk Enterprise Security to analyse IT and OT vulnerabilities in a single pane of glass
- Asset analytics: Use Splunk's flexible query language to search for and to break down asset characteristics.
The OTbase TA is compliant with the Splunk Common Information Model (CIM) for assets and vulnerabilities. Because the fields are already CIM-normalised, Splunk Enterprise Security dashboards, data models and correlation searches that consume asset and vulnerability data can use OTbase data without custom field mappings.
Technically, the OTbase TA consists of the following:
- Two modular inputs (one for asset information, the other for known vulnerabilities) that pull data from OTbase Inventory using the REST API,
- dashboards to execute basic searches "out of the box",
- saved searches to generate lookup tables for Splunk Enterprise Security.
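Two searches illustrating the enrichment and vulnerability use cases above, added here as an example and not taken from the TA's own dashboards or saved searches. They assume the TA's lookup tables have been merged into the Enterprise Security asset framework, so the standard ES lookup `asset_lookup_by_str` (keyed on the `asset` field) and the `Vulnerabilities` data model already contain OTbase data. The index, sourcetype, field values such as `category="ot"`, and the severity filters are placeholders; substitute whatever your environment and your OTbase export actually use.

```spl
/* Example 1: threat-hunting enrichment.
   Blocked firewall connections are annotated with the asset record
   behind the source IP, so an analyst sees hostname, business unit,
   category and priority rather than only an address.
   "index=firewall" and "action=blocked" are assumed field values. */
index=firewall action=blocked
| lookup asset_lookup_by_str asset AS src
    OUTPUTNEW nt_host AS src_nt_host bunit AS src_bunit
              category AS src_category priority AS src_priority
| where isnotnull(src_nt_host)
| stats count BY src src_nt_host src_bunit src_category src_priority
| sort - count

/* Example 2: IT and OT vulnerabilities in one view.
   Pull high and critical findings from the CIM Vulnerabilities data
   model, attach asset priority from the same lookup, and keep only
   findings on assets the inventory marks as OT and high priority.
   The value "ot" for the category field is an assumption. */
| tstats summariesonly=false count
    FROM datamodel=Vulnerabilities
    WHERE Vulnerabilities.severity IN ("critical", "high")
    BY Vulnerabilities.dest Vulnerabilities.cve Vulnerabilities.signature
| rename Vulnerabilities.* AS *
| lookup asset_lookup_by_str asset AS dest
    OUTPUTNEW nt_host category bunit priority
| where priority IN ("critical", "high") AND category="ot"
| table dest nt_host bunit priority cve signature count
| sort - count
```

Two checks before relying on these in production: confirm with `| inputlookup asset_lookup_by_str | search asset_tag=* OR nt_host=*` that OTbase assets actually appear in the merged lookup (if the TA's saved searches have not run, the lookup will be empty and `OUTPUTNEW` silently adds nothing), and note that `asset_lookup_by_str` only matches exact IPs, hostnames or MAC addresses; assets defined as subnets need `asset_lookup_by_cidr` instead.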
The OTbase TA is not published on Splunkbase and can only be obtained directly from Langner.