I would like to integrate an app or add-on into Splunk that enables employees in the company to bring anomalies into the SIEM system through an externalization tool. Examples would be received phishing emails or USB sticks lying around in the open.
What is the best way to implement this? Which app or add-on can you recommend?
Perhaps you could integrate your ticketing system with Splunk and have employees submit tickets to report security incidents.