Add deductiv organization profile README

README.md

@@ -1,2 +1,5 @@
 # .github
-Github Profile
+
+GitHub organization profile for [Deductiv](https://github.com/deductiv).
+
+The organization profile is located at [`profile/README.md`](profile/README.md).

profile/README.md

@@ -0,0 +1,67 @@
+# Deductiv
+
+**Solving common pain points for Splunk customers through practical, open-source tooling.**
+
+We are a team of Splunk practitioners who build purpose-driven apps and add-ons that address real-world operational challenges. Our projects grow from hands-on experience — when we encounter a recurring problem in Splunk deployments, we build a solution and share it.
+
+---
+
+## 🛠️ Our Projects
+
+### [KV Store Tools](https://github.com/deductiv/kvstore_tools)
+A Splunk app for managing KV Store collections at scale. Provides backup, restore, and export capabilities that are missing from the native Splunk interface — making it straightforward to protect lookup data, migrate configurations across environments, and recover from unexpected changes.
+
+**Solves:** KV Store data loss risk, lack of native backup tooling, painful cross-environment migrations.
+
+---
+
+### [Fuzzy Lookup](https://github.com/deductiv/fuzzylookup)
+A custom Splunk search command that enriches search results using fuzzy (near-match) logic against lookup tables. Useful when your source data has inconsistent formatting, typos, or slight variations that prevent exact matches from working.
+
+**Solves:** Failed enrichment due to data quality issues, manual data cleansing overhead, unreliable exact-match lookups on messy datasets.
+
+---
+
+### [TA-dnslookup](https://github.com/deductiv/TA-dnslookup)
+A Splunk Technology Add-on that enriches search results with live DNS query results for any record type from any DNS server via scripted lookups. Goes beyond simple forward/reverse lookups to support A, AAAA, MX, TXT, CNAME, and other record types.
+
+**Solves:** Lack of flexible, on-demand DNS enrichment in Splunk, dependency on static lookup tables for IP-to-hostname resolution.
+
+---
+
+### [Deductiv Splunk App](https://github.com/deductiv/deductiv_splunk)
+A general-purpose Splunk app that bundles tools, dashboards, and scripts useful across a range of Splunk deployments. Serves as a foundation for common operational and investigative workflows.
+
+**Solves:** Repetitive custom development for standard Splunk operational tasks.
+
+---
+
+### [Search Tools](https://github.com/deductiv/search_tools)
+A collection of general-purpose custom Splunk search commands designed to extend the SPL toolkit for analysts and developers.
+
+**Solves:** Gaps in native SPL capabilities, repetitive one-off scripting for common search transformations.
+
+---
+
+## 🤝 Collaboration
+
+We actively collaborate with the broader Splunk developer community. If you are building a Splunk app or add-on and want to work together — whether to integrate functionality, share ideas, or contribute improvements — we welcome it.
+
+- **Found a bug or have a feature idea?** Open an issue in the relevant repository.
+- **Want to contribute code?** Pull requests are welcome in all of our projects.
+- **Building something complementary?** Reach out — we are always interested in working with other developers on tools that make Splunk more powerful and easier to operate.
+
+---
+
+## 📋 Use Cases We Focus On
+
+| Pain Point | Our Solution |
+|---|---|
+| KV Store data is unprotected and hard to migrate | [KV Store Tools](https://github.com/deductiv/kvstore_tools) |
+| Lookup enrichment fails due to inconsistent data formatting | [Fuzzy Lookup](https://github.com/deductiv/fuzzylookup) |
+| DNS record enrichment is rigid or requires static tables | [TA-dnslookup](https://github.com/deductiv/TA-dnslookup) |
+| Repetitive custom SPL development for common tasks | [Search Tools](https://github.com/deductiv/search_tools) / [Deductiv Splunk App](https://github.com/deductiv/deductiv_splunk) |
+
+---
+
+*All of our projects are open source. We build these tools because we use them ourselves, and we share them because the Splunk community is better when we build together.*