diff --git a/README.md b/README.md index 36cfbd7..5b85760 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,5 @@ # .github -Github Profile + +GitHub organization profile for [Deductiv](https://github.com/deductiv). + +The organization profile is located at [`profile/README.md`](profile/README.md). diff --git a/profile/README.md b/profile/README.md new file mode 100644 index 0000000..fa26c89 --- /dev/null +++ b/profile/README.md 
@@ -0,0 +1,67 @@ +# Deductiv + +**Solving common pain points for Splunk customers through practical, open-source tooling.** + +We are a team of Splunk practitioners who build purpose-driven apps and add-ons that address real-world operational challenges. Our projects grow from hands-on experience — when we encounter a recurring problem in Splunk deployments, we build a solution and share it. + +--- + +## 🛠️ Our Projects + +### [KV Store Tools](https://github.com/deductiv/kvstore_tools) +A Splunk app for managing KV Store collections at scale. Provides backup, restore, and export capabilities that are missing from the native Splunk interface — making it straightforward to protect lookup data, migrate configurations across environments, and recover from unexpected changes. + +**Solves:** KV Store data loss risk, lack of native backup tooling, painful cross-environment migrations. + +--- + +### [Fuzzy Lookup](https://github.com/deductiv/fuzzylookup) +A custom Splunk search command that enriches search results using fuzzy (near-match) logic against lookup tables. Useful when your source data has inconsistent formatting, typos, or slight variations that prevent exact matches from working. + +**Solves:** Failed enrichment due to data quality issues, manual data cleansing overhead, unreliable exact-match lookups on messy datasets. + +--- + +### [TA-dnslookup](https://github.com/deductiv/TA-dnslookup) +A Splunk Technology Add-on that enriches search results with live DNS query results for any record type from any DNS server via scripted lookups. Goes beyond simple forward/reverse lookups to support A, AAAA, MX, TXT, CNAME, and other record types. + +**Solves:** Lack of flexible, on-demand DNS enrichment in Splunk, dependency on static lookup tables for IP-to-hostname resolution. 
+ +--- + +### [Deductiv Splunk App](https://github.com/deductiv/deductiv_splunk) +A general-purpose Splunk app that bundles tools, dashboards, and scripts useful across a range of Splunk deployments. Serves as a foundation for common operational and investigative workflows. + +**Solves:** Repetitive custom development for standard Splunk operational tasks. + +--- + +### [Search Tools](https://github.com/deductiv/search_tools) +A collection of general-purpose custom Splunk search commands designed to extend the SPL toolkit for analysts and developers. + +**Solves:** Gaps in native SPL capabilities, repetitive one-off scripting for common search transformations. + +--- + +## 🤝 Collaboration + +We actively collaborate with the broader Splunk developer community. If you are building a Splunk app or add-on and want to work together — whether to integrate functionality, share ideas, or contribute improvements — we welcome it. + +- **Found a bug or have a feature idea?** Open an issue in the relevant repository. +- **Want to contribute code?** Pull requests are welcome in all of our projects. +- **Building something complementary?** Reach out — we are always interested in working with other developers on tools that make Splunk more powerful and easier to operate. + +--- + +## 📋 Use Cases We Focus On + +| Pain Point | Our Solution | +|---|---| +| KV Store data is unprotected and hard to migrate | [KV Store Tools](https://github.com/deductiv/kvstore_tools) | +| Lookup enrichment fails due to inconsistent data formatting | [Fuzzy Lookup](https://github.com/deductiv/fuzzylookup) | +| DNS record enrichment is rigid or requires static tables | [TA-dnslookup](https://github.com/deductiv/TA-dnslookup) | +| Repetitive custom SPL development for common tasks | [Search Tools](https://github.com/deductiv/search_tools) / [Deductiv Splunk App](https://github.com/deductiv/deductiv_splunk) | + +--- + +*All of our projects are open source. 
We build these tools because we use them ourselves, and we share them because the Splunk community is better when we build together.*
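Review bot: In the README.md hunk (`@@ -1,2 +1,5 @@`), the new text only says the profile "is located at" `profile/README.md` without saying why; since the heading is still `# .github`, add a clause explaining that GitHub renders `profile/README.md` as the organization profile only because this repository is named `.github`, so anyone tempted to rename the repo or move the file knows it will stop rendering. Something like: "GitHub renders `profile/README.md` as the organization profile because this repository is named `.github`." The `Github` to `GitHub` capitalization fix on the removed line is correct and should be kept.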
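Review bot: In the profile/README.md hunk (`@@ -0,0 +1,67 @@`), the TA-dnslookup paragraph under `## 🛠️ Our Projects` advertises "live DNS query results for any record type from any DNS server via scripted lookups" but never says that this happens at search time: every value passed to the lookup is sent to the configured resolver, and the search head needs outbound DNS to that server. One sentence would let readers with egress restrictions, or with sensitive hostnames and IPs in their events, decide whether to point it at an internal resolver, e.g. "Queries are issued from the search head at search time to the resolver you configure, so plan for outbound DNS and for the looked-up values leaving Splunk." Separately, the closing italic line states "All of our projects are open source" but no license is named anywhere in the file; add the license (or "see each repository's LICENSE") next to that claim so the statement is checkable.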