https://github.com/purestorage-openconnect/splunk-security-solutions

Space for sharing Splunk realted security solution artifacts with public
https://github.com/purestorage-openconnect/splunk-security-solutions

Last synced: 8 months ago
JSON representation

Space for sharing Splunk realted security solution artifacts with public

• Host: GitHub
• URL: https://github.com/purestorage-openconnect/splunk-security-solutions
• Owner: PureStorage-OpenConnect
• Created: 2025-01-08T11:51:24.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2025-01-15T07:28:51.000Z (about 1 year ago)
• Last Synced: 2025-05-30T00:05:03.918Z (9 months ago)
• Language: Python
• Size: 1.35 MB
• Stars: 0
• Watchers: 5
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
Pure Storage Splunk Playbooks

Overview

This repository contains play books designed for Pure Storage FlashArray and FlashBlade to enhance threat response workflows. These playbooks automate actions triggered by alerts, such as creating snapshots for 

volumes or protection groups, ensuring efficient and proactive incident management. Features 1. FlashArray Workflows: Automates actions such as taking snapshots of volumes and protection groups in response to alerts.

Additionally, it facilitates the removal of local users from the FlashArray, streamlining user management and enhancing security 2. FlashBlade Workflows: Automates actions such as taking snapshots of the filesystems in 

response to alerts.. 3. Customizable Playbooks: Tailored to integrate seamlessly with your security environment for streamlined incident response.

Pre-requisites

To use these play books effectively, ensure the following pre-requisites are met: 1. Custom Lists: Predefine and populate resources such as storage volumes, protection groups, file systems, and user names.

These lists establish a proactive foundation for securing critical resources and automating responses. 2 Containers: Group related artifacts and security events to streamline processing and provide enhanced 

contextual analysis. 3 Assets: Act as integration connectors for seamless interaction with external tools and systems, ensuring efficient data flow across workflows like FlashArray or FlashBlade

Pure Storage FlashArray

This workflow enables automated actions in response to alerts generated on Pure Storage FlashArray, which are parsed and analyzed within Splunk Enterprise SIEM and subsequently forwarded to Splunk SOAR for

orchestration and response . The workflow is based on the following PureStorage FlashArray documentation.The workflow is based on the following PureStorage FlashArray documentation. 

https://support.purestorage.com/bundle/m_flasharray_release/page/FlashArray/FlashArray_Release/Purity_FA_REST_API_Release_Notes/topics/concept/c_purityfa_rest_api_2x_release_notes.html

Pure Storage FlashBlade

This workflow enables automated actions in response to alerts generated on Pure Storage FlashBlade, which are parsed and analyzed within Splunk Enterprise SIEM and subsequently forwarded to Splunk SOAR for orchestration 

and response. The workflow is based on the following PureStorage FlashBlade documentation.

https://support.purestorage.com/bundle/m_flashblade_release/page/FlashBlade/FlashBlade_Release/Purity_FB_REST_API_Release_Notes/topics/concept/c_purityfb_rest_api_2x_release_notes.html