It’s been a while since I’ve been around and that’s because I’ve had a job change in these past few months. With this change comes some time on my hands and with that time, I believe I want to improve integration with BigFix and Splunk.
Currently Splunk has a Splunk for BigFix app on Splunkbase that uses Python scripts to query the Web Reports SOAP API for deployment information. While this app does bring in information, I feel there is a much better way to do it using the REST API as well as adding the potential for automatic actions to be kicked off from analytic results from Splunk directly.
Is this something that the BigFix community would be interested in seeing? I know that my previous experience with the Splunk app was that while the information was basically just a host dump with some properties attached, I always felt there was more that was unexplored because the versions of BigFix and Splunk were many years ago when the apps and scripts were developed.