All Apps and Add-ons

Callmanager CDR - reporting and alerting around spam callers


[Note - this is posted on behalf of a prospect of ours, from a pre-sales support thread]

I am evaluating the Cisco CDR Reporting and Analytics app and I am wondering if we can somehow run a report that monitors for a spam call and alerts us. Maybe checking for an extreme amount calls to a site within a limited time period. Is there something that has been previously done?

0 Karma


Well it's not a question we've seen before, but yes I think we can absolutely do well here.

One similar thing that's come up a few times, is around fraud/security - finding inbound numbers that are suddenly making large amounts of outbound international calls. (!)

1) At the simplest level, being that which you can merely click your way to,

in our app, Navigate in the menu to Report > General Report.

Change the "type" pulldown at the top left to just "incoming" calls.

a) then change the reporting row from saying
of over time
to instead say
of over
and also set the "sort by" pulldown (which will then appear) to say "calls descending"

OR another report that you might find useful is to:
b) change the reporting row to
of by callingPartyNumber
and same thing - set the sort by.

This will show you the outside parties who have called the largest number of different numbers.

2) At progressively more sophisticated levels, in the app we can
a) combine those two metrics in a single report.

b) have a sort of two level approach, where we find over a few weeks, what numbers are the top callers by one or both of these metrics, bake that list into a lookup once a day and then search for those numbers explicitly against only the last few hours or 24 hours worth of calls.

3) of course... I wonder if other software or another tool is capable of providing an explicit list of suspected spam numbers? I'm suddenly curious how android does it. Ingesting that list into splunk independently, or putting it into a Splunk lookup, might offer both a better and shorter path to success. And it's easy enough to wire in custom pieces like that into the app. For instance I could help you turn this into a new field called simply "is_suspected_spam_caller" =0,1 or "spam_score" perhaps between 1 and 5 intended to resemble the email spam scores.

0 Karma
Get Updates on the Splunk Community!

There's No Place Like Chrome and the Splunk Platform

Watch On DemandMalware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

The Great Resilience Quest: 5th Leaderboard Update

The fifth leaderboard update for The Great Resilience Quest is out >> 🏆 Check out the ...

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...