Improving BigFix integration with Splunk

jmaple 2017-10-10 15:11:57 UTC #1

Greetings Programs!

It's been a while since I've been around and that's because I've had a job change in these past few months. With this change comes some time on my hands and with that time, I believe I want to improve integration with BigFix and Splunk.

Currently Splunk has a Splunk for BigFix app on Splunkbase that uses Python scripts to query the Web Reports SOAP API for deployment information. While this app does bring in information, I feel there is a much better way to do it using the REST API as well as adding the potential for automatic actions to be kicked off from analytic results from Splunk directly.

Is this something that the BigFix community would be interested in seeing? I know that my previous experience with the Splunk app was that while the information was basically just a host dump with some properties attached, I always felt there was more that was unexplored because the versions of BigFix and Splunk were many years ago when the apps and scripts were developed.

Sean 2017-10-11 18:08:19 UTC #2

Welcome back! Due to my lack of experience with it, I always love seeing more REST API info / posts. I have seen a few posts about Splunk also, so I'm sure people would find it useful.