Syncing Rumble Assets with Splunk
We are excited to announce the availability of an official Splunk Addon for Rumble!
This addon uses the new Asset Sync API included in version 1.3.1 of the platform and supports two modes of operation.
The New Assets Only
mode will only pull in assets that have not been seen before, or could not be uniquely identified after being rescanned. The All Updated Assets
mode will pull all changed assets since the last poll. The backend Asset Sync API is nearly identical to a standard asset export, including support for search filters, but allows checkpoints, where only data since a previous poll is returned.
If you want to sync only assets with a certain port or protocol open, using a filter like protocol:ftp
can create a new Splunk input just for FTP servers. If you want to sync only assets found after a certain date, the created:2020-01-24:00:00:00
filter can be used to only return assets discovered after January 24th. Any asset search query can be applied to the input and multiple inputs can be used to feed various types of data into the Splunk backend.
Once the Rumble asset data is in Splunk, slicing and dicing it becomes a breeze.
If you prefer to build your own Splunk Addon using the Rumble API or would like help integrating Rumble data into a different backend, drop us a line!

HD Moore is the co-founder and CEO of runZero. Previously, he founded the Metasploit Project and served as the main developer of the Metasploit Framework, which is the world's most widely used penetration testing framework.
Similar Content
March 10, 2022
runZero and Noetic integrate to automate workflows that solve coverage gaps
Lack of visibility, correlation, and automation are major hurdles impeding security vulnerability identification and mitigation. Existing tooling often imprecisely fingerprints anything but common devices like standard-issue workstations. Some tools miss unmanaged and …
Read MoreApril 13, 2021
Rumble 2.1: Notification Templates, AWS EC2 Enrichment, and Cisco SNTC Exports
Rumble Network Discovery 2.1 # Rumble 2.1 is now live with support for custom notification templates, AWS EC2 scan enrichment, Cisco serial number exports for SNTC, faster exports, more flexible imports, an updated Splunk Addon, and much more! Custom notification emails and …
Read More