
Callmanager CDR - reporting and alerting around spam callers

sideview
SplunkTrust

[Note - this is posted on behalf of a prospect of ours, from a pre-sales support thread]

I am evaluating the Cisco CDR Reporting and Analytics app and I am wondering if we can somehow run a report that monitors for a spam call and alerts us. Maybe checking for an extreme amount of calls to a site within a limited time period. Is there something that has been previously done?

0 Karma

sideview
SplunkTrust

Well it's not a question we've seen before, but yes I think we can absolutely do well here.

One similar thing that's come up a few times is around fraud/security - finding inbound numbers that are suddenly making large amounts of outbound international calls. (!)

1) At the simplest level, being that which you can merely click your way to,

in our app, navigate in the menu to Report > General Report.

Change the "type" pulldown at the top left to just "incoming" calls.

a) then change the reporting row from saying
of over time
to instead say
of over
and also set the "sort by" pulldown (which will then appear) to say "calls descending"

OR another report that you might find useful is to:
b) change the reporting row to
of by callingPartyNumber
and same thing - set the sort by.

This will show you the outside parties who have called the largest number of different numbers.

2) At progressively more sophisticated levels, in the app we can
a) combine those two metrics in a single report.

b) have a sort of two level approach, where we find over a few weeks, what numbers are the top callers by one or both of these metrics, bake that list into a lookup once a day and then search for those numbers explicitly against only the last few hours or 24 hours worth of calls.

3) Of course... I wonder if other software or another tool is capable of providing an explicit list of suspected spam numbers? I'm suddenly curious how Android does it. Ingesting that list into Splunk independently, or putting it into a Splunk lookup, might offer both a better and shorter path to success. And it's easy enough to wire in custom pieces like that into the app. For instance I could help you turn this into a new field called simply "is_suspected_spam_caller" =0,1 or "spam_score" perhaps between 1 and 5 intended to resemble the email spam scores.

0 Karma
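
The two-level approach from point 2b of the answer above, sketched outside Splunk as an added Python example (not part of the original thread and not the app's own code): a daily pass builds a watchlist from both metrics, and a frequent pass checks only recent calls against it. The record layout, thresholds and sample numbers are constructed assumptions; only callingPartyNumber is named in the thread.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Rows are (dateTimeOrigination, callingPartyNumber, finalCalledPartyNumber).
# Layout and values are constructed for illustration, not taken from the app.
NOW = datetime(2024, 1, 15, 12, 0)
HEAVY, NORMAL = "2025550100", "2025550111"
HISTORY = [(NOW - timedelta(days=1 + i % 14), HEAVY, f"ext{1000 + i}") for i in range(30)]
HISTORY += [(NOW - timedelta(days=d), NORMAL, "ext1000") for d in (2, 5, 9)]
RECENT = [(NOW - timedelta(minutes=20 * i), HEAVY, f"ext{2000 + i}") for i in range(5)]
RECENT += [(NOW - timedelta(minutes=30), NORMAL, "ext1000")]


def score_callers(cdrs):
    """Per calling number: (total calls, distinct numbers called)."""
    calls, called = defaultdict(int), defaultdict(set)
    for _, caller, callee in cdrs:
        calls[caller] += 1
        called[caller].add(callee)
    return {c: (calls[c], len(called[c])) for c in calls}


def build_watchlist(history, min_calls, min_distinct):
    """Level 1, run once a day over a few weeks: top callers by either metric."""
    return {c for c, (n, d) in score_callers(history).items()
            if n >= min_calls or d >= min_distinct}


def recent_hits(cdrs, watchlist, now, window=timedelta(hours=4)):
    """Level 2, run often: only watchlisted callers, only the recent window."""
    recent = [r for r in cdrs if now - window <= r[0] <= now and r[1] in watchlist]
    return score_callers(recent)


if __name__ == "__main__":
    watch = build_watchlist(HISTORY, min_calls=25, min_distinct=20)  # assumed thresholds
    for caller, (n, d) in recent_hits(HISTORY + RECENT, watch, NOW).items():
        print(f"{caller}: {n} calls to {d} distinct numbers in the last 4 hours")
```

Restricting the frequent pass to watchlisted callers is what keeps it cheap: the expensive multi-week aggregation runs once a day, and the alerting pass only touches a few hours of records.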