Splunk Integration
What You Get
Bi-directional integration with Splunk Enterprise and Splunk Cloud. Piscium forwards validated exposure events, attack graph updates, and remediation status changes as structured CIM-compliant events into Splunk indexes. Splunk correlation searches can trigger Piscium re-scans via the REST API, creating a closed-loop detection-validation workflow.
Why Splunk?
Security teams already monitor their environment in Splunk. By enriching Splunk events with Piscium's validated exposure data, analysts can distinguish between theoretical vulnerabilities and confirmed exploitable paths — reducing alert fatigue and accelerating incident triage.
Example Scenario
A Splunk correlation search detects anomalous lateral movement attempts on an OT network segment. The alert triggers a Piscium on-demand scan of the affected zone. Piscium's AI agents validate that CVE-2024-21762 on a Fortinet VPN gateway is exploitable and chains into a Level 2 HMI workstation. The validated attack path is pushed back to Splunk as a Notable Event with full evidence, enabling the SOC to prioritize remediation within the SLA.
Implementation Notes
Requires a Splunk HTTP Event Collector (HEC) token bound to a dedicated index. Piscium sends events using the CIM Network Traffic and Vulnerability data models. Supports Splunk Enterprise 9.x+ and Splunk Cloud. Recommended: create a dedicated Splunk role with write access only to the Piscium index.
Webhook Payload Example
{
  "event": "exposure.validated",
  "timestamp": "2026-03-15T14:32:00Z",
  "exposure_id": "EXP-2026-00451",
  "severity": "critical",
  "cvss_score": 9.8,
  "cve": "CVE-2024-21762",
  "affected_asset": "fw-edge-01.ot.corp.local",
  "attack_path_id": "AG-1102",
  "blast_radius": 14,
  "remediation_status": "pending"
}
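The following is an added example, not Piscium's own code: it validates the webhook payload shown above and wraps it in a Splunk HEC event envelope using CIM Vulnerabilities field names. The index name, sourcetype, and field mapping are assumptions made for illustration.

```python
import json
import urllib.request
from datetime import datetime, timezone

# Constructed copy of the webhook payload shown on this page.
SAMPLE = {
    "event": "exposure.validated", "timestamp": "2026-03-15T14:32:00Z",
    "exposure_id": "EXP-2026-00451", "severity": "critical", "cvss_score": 9.8,
    "cve": "CVE-2024-21762", "affected_asset": "fw-edge-01.ot.corp.local",
    "attack_path_id": "AG-1102", "blast_radius": 14, "remediation_status": "pending",
}

INDEX = "piscium"                 # assumption: name of the dedicated index
SOURCETYPE = "piscium:exposure"   # assumption: hypothetical sourcetype
CIM_SEVERITIES = {"critical", "high", "medium", "low", "informational"}
REQUIRED = ("event", "timestamp", "exposure_id", "severity", "cve", "affected_asset")


def to_hec_event(payload: dict) -> dict:
    """Validate a payload and wrap it in an HEC envelope with CIM Vulnerabilities fields."""
    missing = [k for k in REQUIRED if k not in payload]
    if missing:
        raise ValueError(f"payload missing fields: {missing}")
    severity = str(payload["severity"]).lower()
    if severity not in CIM_SEVERITIES:
        raise ValueError(f"severity {severity!r} is not a CIM severity value")
    ts = datetime.strptime(payload["timestamp"], "%Y-%m-%dT%H:%M:%SZ")
    cim = {  # assumed mapping onto CIM Vulnerabilities field names
        "dest": payload["affected_asset"], "cve": payload["cve"],
        "cvss": payload.get("cvss_score"), "severity": severity,
        "signature": payload["cve"],
    }
    # Keep the remaining payload fields alongside the CIM ones.
    extra = {k: v for k, v in payload.items()
             if k not in ("affected_asset", "cve", "cvss_score", "severity", "timestamp")}
    return {"time": int(ts.replace(tzinfo=timezone.utc).timestamp()),
            "index": INDEX, "sourcetype": SOURCETYPE, "event": {**cim, **extra}}


def build_request(hec_url: str, token: str, payload: dict) -> urllib.request.Request:
    """Build (but do not send) the HEC POST; the token only needs write access to INDEX."""
    body = json.dumps(to_hec_event(payload)).encode()
    return urllib.request.Request(
        hec_url, data=body, method="POST",
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"})
```

Rejecting payloads with an unknown severity or missing fields before they reach the index keeps malformed events out of CIM-based correlation searches.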