cp65536

Sending Harmony Endpoint EDR Detections to a SIEM

I've written a Python module for querying Harmony Endpoint detections ('Active Attacks'). The code is here, within a Splunk add-on for ingesting those alerts into Splunk.

gf13579/ta_for_cpharmony (github.com)

Note that the module can be used independently of Splunk - just grab cpharmonylib.py and cpharmony_consts.py.

Also note that this code isn't using the Harmony Connect API (Build, Collaborate & Integrate APIs | SwaggerHub) as that doesn't appear to support querying endpoint detections (yet). The module I've written is leveraging the APIs used by the Infinity Portal itself.

This blog post explains how it works in more detail: Connecting the Unconnectable; Borrowing APIs from Single Page Applications | spinning plates.

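To illustrate the SIEM side of the workflow described in the post (example code written for this page; it is not code from gf13579/ta_for_cpharmony, from cpharmonylib.py or from the post's author): a poller that fetches detections needs to turn each record into a Splunk HTTP Event Collector (HEC) event and to keep a checkpoint so that the same 'Active Attacks' are not ingested twice when successive polls overlap. The sample detection records, their field names (`id`, `timestamp`, `hostname`, ...) and the checkpoint layout are constructed assumptions for this example, not the Harmony Endpoint schema; the HEC envelope fields (`time`, `host`, `index`, `sourcetype`, `event`) are Splunk's own.

```python
import json
from datetime import datetime, timezone

# Constructed sample detections. The field names are assumptions made for this
# example; the real Harmony Endpoint detection schema is not reproduced here.
SAMPLE_DETECTIONS = [
    {"id": "det-0001", "timestamp": "2023-05-01T10:15:00Z", "hostname": "ws-01",
     "severity": "high", "name": "Suspicious process chain"},
    {"id": "det-0002", "timestamp": "2023-05-01T10:20:00Z", "hostname": "ws-02",
     "severity": "medium", "name": "Credential access attempt"},
    {"id": "det-0003", "timestamp": "2023-05-01T10:20:00Z", "hostname": "ws-03",
     "severity": "low", "name": "Unsigned driver load"},
]


def parse_ts(ts):
    """Convert an ISO-8601 UTC timestamp into epoch seconds for HEC's 'time' field."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc).timestamp()


def select_new(detections, checkpoint):
    """Drop detections that an earlier poll already forwarded.

    checkpoint is {"last_ts": epoch_seconds, "seen_ids": [ids at last_ts]}.
    Remembering every id that shares the newest timestamp makes the filter
    safe when several detections tie on time and a later poll returns them
    again. Returns (new_detections, updated_checkpoint).
    """
    last_ts = checkpoint.get("last_ts", 0.0)
    seen = set(checkpoint.get("seen_ids", []))
    new = []
    for det in sorted(detections, key=lambda d: parse_ts(d["timestamp"])):
        ts = parse_ts(det["timestamp"])
        if ts < last_ts or (ts == last_ts and det["id"] in seen):
            continue
        new.append(det)
    if not new:
        return [], checkpoint
    newest = parse_ts(new[-1]["timestamp"])
    ids_at_newest = [d["id"] for d in new if parse_ts(d["timestamp"]) == newest]
    if newest == last_ts:
        # Same second as the previous checkpoint: keep the ids we already knew.
        ids_at_newest = sorted(seen | set(ids_at_newest))
    return new, {"last_ts": newest, "seen_ids": ids_at_newest}


def to_hec_event(det, index="edr", sourcetype="cp:harmony:endpoint:detection"):
    """Wrap one detection in the envelope HEC's /services/collector/event expects."""
    return {
        "time": parse_ts(det["timestamp"]),
        "host": det["hostname"],
        "index": index,
        "sourcetype": sourcetype,
        "event": det,
    }


def hec_payload(detections, index="edr"):
    """HEC accepts several JSON event objects concatenated in a single POST body."""
    return "".join(json.dumps(to_hec_event(d, index)) for d in detections)


def poll_once(detections, checkpoint):
    """One polling cycle: filter against the checkpoint, build the HEC body."""
    new, checkpoint = select_new(detections, checkpoint)
    return hec_payload(new), checkpoint


if __name__ == "__main__":
    cp = {}
    body, cp = poll_once(SAMPLE_DETECTIONS, cp)
    print(body.count('"event"'), "events; checkpoint:", cp)
    # A second poll that returns the same records forwards nothing.
    body, cp = poll_once(SAMPLE_DETECTIONS, cp)
    print(body.count('"event"'), "events after re-poll")
    # Transport (assumed, not shown): POST the body to the HEC URL with the
    # header  Authorization: Splunk <token>  over TLS, and persist cp on success.
```

Persist the checkpoint only after HEC acknowledges the POST; writing it first would lose detections if the send fails, while never writing it duplicates them on every poll.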