
Callmanager CDR - reporting and alerting around spam callers

sideview
SplunkTrust

[Note - this is posted on behalf of a prospect of ours, from a pre-sales support thread]

I am evaluating the Cisco CDR Reporting and Analytics app and I am wondering if we can somehow run a report that monitors for a spam call and alerts us. Maybe checking for an extreme amount of calls to a site within a limited time period. Is there something that has been previously done?

0 Karma

sideview
SplunkTrust

Well it's not a question we've seen before, but yes I think we can absolutely do well here.

One similar thing that's come up a few times is around fraud/security - finding inbound numbers that are suddenly making large amounts of outbound international calls. (!)

1) At the simplest level, being that which you can merely click your way to,

in our app, navigate in the menu to Report > General Report.

Change the "type" pulldown at the top left to just "incoming" calls.

a) then change the reporting row from saying
of over time
to instead say
of over
and also set the "sort by" pulldown (which will then appear) to say "calls descending"

OR another report that you might find useful is to:
b) change the reporting row to
of by callingPartyNumber
and same thing - set the sort by.

This will show you the outside parties who have called the largest number of different numbers.

2) At progressively more sophisticated levels, in the app we can
a) combine those two metrics in a single report.

b) have a sort of two-level approach, where we find, over a few weeks, what numbers are the top callers by one or both of these metrics, bake that list into a lookup once a day, and then search for those numbers explicitly against only the last few hours or 24 hours' worth of calls.

3) of course... I wonder if other software or another tool is capable of providing an explicit list of suspected spam numbers? I'm suddenly curious how Android does it. Ingesting that list into Splunk independently, or putting it into a Splunk lookup, might offer both a better and shorter path to success. And it's easy enough to wire in custom pieces like that into the app. For instance I could help you turn this into a new field called simply "is_suspected_spam_caller" =0,1 or "spam_score" perhaps between 1 and 5 intended to resemble the email spam scores.

0 Karma
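The two-level approach from point 2 of the answer, sketched outside Splunk as an added example (not code from the post or from the app): a daily job ranks callers over a baseline period by call count and by distinct numbers called, and the alert search checks only those callers against the last few hours. `callingPartyNumber` is the field named in the answer; `dateTimeOrigination` and `finalCalledPartyNumber` are assumed CUCM CDR field names, and the function names, thresholds and sample rows are constructed for illustration.

```python
from collections import defaultdict

HOUR, DAY = 3600, 86400
NOW = 1_700_000_000  # constructed "current time" (epoch seconds)

def caller_metrics(cdrs, start, end):
    """Per callingPartyNumber: (calls, distinct called numbers) for start <= t < end."""
    calls, called = defaultdict(int), defaultdict(set)
    for t, caller, dest in cdrs:
        if start <= t < end:
            calls[caller] += 1
            called[caller].add(dest)
    return {c: (calls[c], len(called[c])) for c in calls}

def build_watchlist(cdrs, start, end, top_n=2):
    """Daily job: top_n callers by call count, plus top_n by distinct numbers called."""
    m = caller_metrics(cdrs, start, end)
    by_calls = sorted(m, key=lambda c: (-m[c][0], c))[:top_n]
    by_spread = sorted(m, key=lambda c: (-m[c][1], c))[:top_n]
    return set(by_calls) | set(by_spread)

def recent_hits(cdrs, watchlist, now, window=4 * HOUR, min_calls=3):
    """Alert search: watchlisted callers with >= min_calls in the last window."""
    m = caller_metrics(cdrs, now - window, now)
    hits = [(c, n, d) for c, (n, d) in m.items() if c in watchlist and n >= min_calls]
    return sorted(hits, key=lambda h: (-h[1], h[0]))

def sample_cdrs(now=NOW):
    """Constructed incoming-call rows: (dateTimeOrigination, callingPartyNumber, finalCalledPartyNumber)."""
    rows = []
    for i in range(40):  # A: 40 different extensions over ten days
        rows.append((now - 14 * DAY + i * 6 * HOUR, "5550100", f"20{i:02d}"))
    for i in range(5):   # A again: 5 more extensions within the last hour
        rows.append((now - HOUR + i * 60, "5550100", f"21{i:02d}"))
    for i in range(30):  # B: frequent caller to the same two extensions
        rows.append((now - 20 * DAY + i * 12 * HOUR, "5550111", f"300{i % 2}"))
    rows.append((now - 2 * HOUR, "5550111", "3000"))  # B: one recent call
    for i in range(2):   # C: almost no history ...
        rows.append((now - 10 * DAY + i * DAY, "5550122", "3005"))
    for i in range(4):   # ... then a burst today, so C is not on the list yet
        rows.append((now - 3 * HOUR + i * 600, "5550122", f"31{i:02d}"))
    return rows

if __name__ == "__main__":
    cdrs = sample_cdrs()
    watch = build_watchlist(cdrs, NOW - 21 * DAY, NOW - DAY)
    print(sorted(watch), recent_hits(cdrs, watch, NOW))
```

In the sample data, caller C produces a burst today but has too little history to be on the watchlist, so it is not reported until the next daily rebuild; the single-level reports in point 1 cover that case.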