Getting Data In

Cisco/OpenDNS Umbrella/Investigate: so many apps, so many options ... What is best?

woodcock
Esteemed Legend

Here is what is on Splunkbase (maybe others, too):
Umbrella Add-on for Splunk Enterprise: https://apps.splunk.com/app/3629/ (also on GitHub)
Cisco Umbrella Add-On for Splunk: https://splunkbase.splunk.com/app/3926/
Cisco Umbrella Investigate Add-on: https://splunkbase.splunk.com/app/3324/
(https://developer.cisco.com/docs/cloud-security/#!umbrella-investigate-add-on-for-splunk/set-up-cred...
Cisco Cloud Security Umbrella Add-on for Splunk: https://splunkbase.splunk.com/app/5557/

There is clearly a great deal of duplication and I am VERY confused about what is what and which to use.
There are at least 2 things to be done:
1: Data Input: Pull in security events.
2: Ad-Hoc Lookup: Enrich Splunk events with threat detail.

I am hoping for 2 kinds of help:
1: A suggestion on which apps to use.
2: Step-by-step details on how to set each up.

Labels (1)

Golgie
Loves-to-Learn Lots

Hey, did you ever set investigate up? 

I have umbrella logs going to our s3 buckit and pulling that data in with the cisco cloud security umbrella addon.

Not really sure if I need to fully setup cisco cloud security app. This is the app found in the github presentation. Thanks.  

0 Karma
Get Updates on the Splunk Community!

Video | Welcome Back to Smartness, Pedro

Remember Splunk Community member, Pedro Borges? If you tuned into Episode 2 of our Smartness interview series, ...

Detector Best Practices: Static Thresholds

Introduction In observability monitoring, static thresholds are used to monitor fixed, known values within ...

Expert Tips from Splunk Education, Observability in Action, Plus More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...