Syncing Rumble Assets with Splunk

|
Updated

We are excited to announce the availability of an official Splunk Addon for Rumble!

Rumble Splunk Addon

This addon uses the new Asset Sync API included in version 1.3.1 of the platform and supports two modes of operation.

Rumble Splunk Addon Configuration

The New Assets Only mode will only pull in assets that have not been seen before, or could not be uniquely identified after being rescanned. The All Updated Assets mode will pull all changed assets since the last poll. The backend Asset Sync API is nearly identical to a standard asset export, including support for search filters, but allows checkpoints, where only data since a previous poll is returned.

If you want to sync only assets with a certain port or protocol open, using a filter like protocol:ftp can create a new Splunk input just for FTP servers. If you want to sync only assets found after a certain date, the created:2020-01-24:00:00:00 filter can be used to only return assets discovered after January 24th. Any asset search query can be applied to the input and multiple inputs can be used to feed various types of data into the Splunk backend.

Once the Rumble asset data is in Splunk, slicing and dicing it becomes a breeze.

MAC Address Vendors

If you prefer to build your own Splunk Addon using the Rumble API or would like help integrating Rumble data into a different backend, drop us a line!

Written by HD Moore

HD Moore is the founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.

More about HD Moore
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Taming the Typhoons: How runZero Keeps You Ahead of State-Sponsored Cyber Threats
China's Typhoon cyber attacks are evolving, but runZero helps you stay one step ahead with unmatched visibility and proactive defense.
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved