We often hear from customers who have existing Security Information and Event Management (SIEM) tools, like Splunk or QRadar, and wish to leverage those investments in combination with the unique data that we can provide. And for our own part, we believe that security vendors should interoperate seamlessly to best protect enterprise assets. Therefore, we have been hard at work on an enterprise-integration initiative, and are pleased to announce the general availability of our real-time event API: Mojave Connect.
With this API, customers gain full visibility into the events flowing through Mojave as they happen, including:
- Network Activity — Source (IP, port, user agent), Destination (IP, port, URI), bytes transferred, protocol, network type (carrier, wifi), category, action (block, audit, allow), and more
- Device Activity — Event type (lock, wipe, locate, diagnostics, app installation, etc.), severity (alert, warning, low), device (make, model), user
Customers can then store and analyze these events as suits their needs. For example, companies can collate network events happening on devices outside of the corporate network with events happening internally. Having a single, homogeneous corpus of all network activity across the enterprise will make it easier to find anomalies and threats, and having it all centralized will make it that much easier for IT to manage.
So how does it work?
Mojave Connect consists of two layers, each providing different opportunities for integration:
- Mojave Connect SDK — The SDK (currently available for Java; other versions forthcoming) is a low-level library for consuming our real-time event streams. Customers with proprietary applications might want to use the SDK directly so that they can customize the interaction to best suit their needs.
- Mojave Connect Agent — These are higher-level software agents that wrap the SDK and are deployed onsite to provide integration with a specific third-party application:
  - The Syslog Agent for Mojave Connect reads events from the event stream and logs them to the local syslog daemon.
  - The Splunk Agent for Mojave Connect is a Splunk add-in (soon to be published to the Splunk App marketplace) that lets you add Mojave streams to your enterprise data as seamlessly as any other data source.
  - Many more to come…
Contact us today to take the Mojave Connect API for a spin.
Special thanks to Josh Bandur for helping write this post and more importantly writing the API!