Splunk for Kisi Data Analytics

Splunk for Access Control

Although Splunk is not an official Kisi integration, many users began using it (among other SIEM tools) alongside Kisi. Common use cases are long-term access log retention for compliance (SOC2, PCI event audits), easier alerting within Splunk (door held open and forced open alerts with contact sensors and REX buttons), trend mapping, and other visualizations within Splunk. For example, if an auditor wants to know who entered the network closet in the past 90 days, they would run the search 'index=pac sourcetype=kisi:access door="Network Closet" | table _time, door, user' over that time range, and the search would return the information in a few seconds.

Users also use Splunk with Kisi for behavior analytics, including tracking physical access alongside software-based access. For example, John Smith went into room 'x' and logged into workstation 'x' (Splunk data).
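The correlation described above can be sketched offline as follows. This is an added example, not Kisi or Splunk code: it flags workstation logons that have no badge-in by the same user at that workstation's door shortly beforehand. The field names, the host-to-room mapping, the 30-minute window and the sample events are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events; field names (user, door, host) and the
# workstation-to-room mapping are assumptions, not Kisi or Splunk schemas.
BADGE_EVENTS = [
    {"time": "2024-03-01T08:55:00", "user": "John Smith", "door": "Room X"},
    {"time": "2024-03-01T09:40:00", "user": "Ann Lee", "door": "Lobby"},
]
LOGON_EVENTS = [
    {"time": "2024-03-01T09:02:00", "user": "John Smith", "host": "ws-x"},
    {"time": "2024-03-01T09:45:00", "user": "Ann Lee", "host": "ws-x"},
    {"time": "2024-03-01T13:30:00", "user": "John Smith", "host": "ws-x"},
]
HOST_ROOM = {"ws-x": "Room X"}  # which door guards each workstation


def _ts(event):
    """Parse the ISO 8601 timestamp of an event."""
    return datetime.fromisoformat(event["time"])


def logons_without_badge(badges, logons, host_room, window=timedelta(minutes=30)):
    """Return logons with no badge-in by the same user at the workstation's
    door within `window` before the logon."""
    # Index badge times by (user, door) so each logon is a dictionary lookup.
    seen = {}
    for badge in badges:
        key = (badge["user"].lower(), badge["door"])
        seen.setdefault(key, []).append(_ts(badge))
    flagged = []
    for logon in logons:
        door = host_room.get(logon["host"])
        if door is None:
            continue  # workstation is not in a controlled room; nothing to correlate
        when = _ts(logon)
        times = seen.get((logon["user"].lower(), door), [])
        # A badge counts only if it precedes the logon by at most `window`.
        if not any(timedelta(0) <= when - bt <= window for bt in times):
            flagged.append(logon)
    return flagged


if __name__ == "__main__":
    for hit in logons_without_badge(BADGE_EVENTS, LOGON_EVENTS, HOST_ROOM):
        print(f'{hit["time"]} {hit["user"]} logged on to {hit["host"]} without a badge-in')
```

A short window also flags people who stayed in the room and logged on again later, so the window needs tuning against how doors are actually used.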

Here are some ideas that users had for using Kisi with Splunk:

1) A Splunk add-on that ingests the logs using scripted inputs (Python scripts) run against Kisi's API.

2) AWS: Kisi sends logs to an S3 bucket, and Splunk reads from the S3 bucket with the AWS add-on.

Have more ideas? Send them to us: support@getkisi.com
