Skip to content
/ Splunk-Security-Solutions Public

Space for sharing Splunk realted security solution artifacts with public

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

PureStorage-OpenConnect/Splunk-Security-Solutions

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
Pure Storage Splunk Playbooks
Pure Storage Splunk Playbooks
 
 
README.md
README.md
 
 

Repository files navigation

Pure Storage Splunk Playbooks Overview

This repository contains play books designed for Pure Storage FlashArray and FlashBlade to enhance threat response workflows. These playbooks automate actions triggered by alerts, such as creating snapshots for volumes or protection groups, ensuring efficient and proactive incident management. Features 1. FlashArray Workflows: Automates actions such as taking snapshots of volumes and protection groups in response to alerts. Additionally, it facilitates the removal of local users from the FlashArray, streamlining user management and enhancing security 2. FlashBlade Workflows: Automates actions such as taking snapshots of the filesystems in response to alerts.. 3. Customizable Playbooks: Tailored to integrate seamlessly with your security environment for streamlined incident response.

Pre-requisites

To use these play books effectively, ensure the following pre-requisites are met: 1. Custom Lists: Predefine and populate resources such as storage volumes, protection groups, file systems, and user names. These lists establish a proactive foundation for securing critical resources and automating responses. 2 Containers: Group related artifacts and security events to streamline processing and provide enhanced contextual analysis. 3 Assets: Act as integration connectors for seamless interaction with external tools and systems, ensuring efficient data flow across workflows like FlashArray or FlashBlade

Pure Storage FlashArray

This workflow enables automated actions in response to alerts generated on Pure Storage FlashArray, which are parsed and analyzed within Splunk Enterprise SIEM and subsequently forwarded to Splunk SOAR for orchestration and response . The workflow is based on the following PureStorage FlashArray documentation.The workflow is based on the following PureStorage FlashArray documentation. https://support.purestorage.com/bundle/m_flasharray_release/page/FlashArray/FlashArray_Release/Purity_FA_REST_API_Release_Notes/topics/concept/c_purityfa_rest_api_2x_release_notes.html

Pure Storage FlashBlade

This workflow enables automated actions in response to alerts generated on Pure Storage FlashBlade, which are parsed and analyzed within Splunk Enterprise SIEM and subsequently forwarded to Splunk SOAR for orchestration and response. The workflow is based on the following PureStorage FlashBlade documentation. https://support.purestorage.com/bundle/m_flashblade_release/page/FlashBlade/FlashBlade_Release/Purity_FB_REST_API_Release_Notes/topics/concept/c_purityfb_rest_api_2x_release_notes.html

About

Space for sharing Splunk realted security solution artifacts with public

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages