A Python script that can be used by a Splunk custom command to query the Cymon.io API. If you have any comments or suggestions, please raise an issue and I'll get back to you.
- Splunk 6.0+
- Internet connection
- Add the following to your Splunk app's `commands.conf`:

```
[cyLookup]
filename = cymonsplunk.py
```

- Add `cymonsplunk.py` to `$SPLUNK_HOME/etc/apps/<app_name>/bin/`
##### To query an IP
From Splunk search run `| cymon __EXECUTE__ 8.8.8.8 | spath input=cy`

##### To query a domain
From Splunk search run `| cymon __EXECUTE__ google.com | spath input=cy`
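
An added example, not part of cymonsplunk.py: one way to validate the argument that follows `__EXECUTE__` before it is placed in an outbound API request, and to return the response in the `cy` field that `spath input=cy` reads. It assumes Python 3; the function names and the `indicator` and `type` fields are hypothetical, and it goes beyond the usage above by also accepting IPv6 addresses.

```python
import ipaddress
import json
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def classify_indicator(value):
    """Return ("ip", addr) or ("domain", name); raise ValueError otherwise."""
    value = value.strip()
    try:
        return "ip", str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP literal, try it as a domain name
    name = value.rstrip(".").lower()
    labels = name.split(".")
    ok = (
        len(name) <= 253
        and len(labels) >= 2
        and all(_LABEL.fullmatch(label) for label in labels)
        and not labels[-1].isdigit()  # rejects malformed IPs such as 999.1.1.1
    )
    if not ok:
        raise ValueError("not an IP address or domain: %r" % value)
    return "domain", name


def parse_args(argv):
    """Hypothetical helper: argv is [script, "__EXECUTE__", indicator]."""
    # __GETINFO__ / __EXECUTE__ are protocol markers, not user input.
    args = [a for a in argv[1:] if a not in ("__GETINFO__", "__EXECUTE__")]
    if len(args) != 1:
        raise ValueError("expected exactly one IP address or domain")
    return classify_indicator(args[0])


def to_result(kind, indicator, api_response):
    """Build one result row; the JSON goes in `cy` for `spath input=cy`."""
    return {
        "indicator": indicator,  # field name is an assumption
        "type": kind,            # field name is an assumption
        "cy": json.dumps(api_response, sort_keys=True),
    }
```

Rejecting anything that is not a well-formed address or hostname keeps path separators, query strings and control characters typed into the search bar out of the request the script sends.
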
- Add support for the full cymon.io Python library (https://github.com/eSentire/cymon-python)
- Add option for scripted input, e.g. inputlookup against proxy or firewall logs.
- Add support for API keys.
- Add support for domain queries.
Used a one- or two-line snippet of another script but can't remember where I found it.