CASE STUDY:

Splunk SIEM implementation for Threat Intelligence companies with custom JS and CSS

 

CUSTOMER BACKGROUND:
A leading Threat Intelligence product company needed a Splunk App to enrich its Advisory Intelligence Reports and Network Traffic data with rich dashboard visualizations.

PROJECT GOALS:
To develop a Splunk App with an Add-on and create several custom dashboards with rich visualizations using Tables, Columns, Timelines, Pie Charts, Bar Charts, and Single Values.

THE CHALLENGE:
Extend the Splunk UI using custom JavaScript and CSS and create highly personalized and diverse dashboards.

RESULTS:
Loginsoft's extensive expertise in Splunk gave our leading Threat Intelligence client best-in-class visual dashboards with custom icons.

APPROACH:
Developed a Python program, packaged as an Add-on, that pulls data from the API source into Splunk, and configured custom dashboards using Table, Column, Timeline, Pie Chart, Bar Chart, and Single Value elements.

Custom Tooltip using JavaScript
When logs are visualized in a Splunk application, there is no option to create a custom tooltip, i.e. a mouse-hover popup on a data point in the timeline graph.

Loginsoft leveraged jQuery and JavaScript to implement this otherwise unavailable feature.

Custom Icons:
Loginsoft leveraged JavaScript to create custom icons and to change the text color based on an event trigger for one of the dashboards, as shown below.

Configuration Bundle with Custom CSS:
Splunk does not let users show Checkbox options alongside a count. To work around this, Loginsoft bundled a Checkbox Input with table data from Splunk by overriding Splunk's default style with Loginsoft's custom CSS.

Additionally, Loginsoft leveraged JavaScript to add functionality that lets users append graphs in order of selection.