The Claroty xDome Add-on delivers comprehensive visibility, security and alert management capabilities for healthcare and industrial network environments.
The Claroty xDome Add-on defines multiple source types that identify the kind of data collected from Claroty xDome and maps that data to the following data models: Splunk Common Information Model (CIM), Splunk Enterprise Security (ES), and the Splunk Add-On for OT Security.
The application add-on enables Splunk to automatically ingest Medical, operational technology (OT), IoT and IT asset data, communication events and alert information from Claroty xDome.
The result is that all assets and potential threats in your healthcare and industrial environments can be monitored in one location, leading to more effective security monitoring and a stronger security posture.
Benefits include:
• Unified visibility across Medical, OT, IoT and IT environments.
• Extend your existing IT SOC workflows and capabilities to Medical and OT systems.
• Manage all Medical, OT, IoT and IT alerts from a single viewpoint within the SIEM.
Note: This add-on maps data from Medigate by Claroty and Claroty xDome platforms.
Updated the Claroty xDome Add-on to maintain compatibility with current versions of Splunk Enterprise.
Fixed an issue where some dashboards were not visible in the app UI.
Pre-defined dashboards based on xDome data. Data sets include devices, alerts, vulnerabilities and communications.
Mapped Claroty xDome vulnerability data to the Common Information Model (CIM). The mapping includes vulnerability fields (e.g., CVSS) and the IDs of the affected devices. Additional vulnerability attributes that do not match CIM fields remain available as part of the exported vulnerability object.
Added events and alerts fields: mitre_attack_techniques, Communication Events custom fields (such as ip_protocol), Network Threat Signature and Out-of-Policy Communication alert type fields and events.
What's New? - Version 1.0.0:
Mapped Claroty's xDome data of assets, communication events and alert information to the Splunk CIM, Splunk ES and OT Security data models. The mapping includes objects and fields.