Splunk TA/App for SMA
After being promised splunk connectivity during our sales process, we found that the data exported through syslog is very limited. I have Spoken with Joshua Herrera and Stacy Pickering regarding this and was politely told that nothing can be done to increase syslog verbosity or install a Splunk UF on our tenant. This sounds like the only option is for Kace to produce a Splunk TA/App that would allow secure API based connectivity and near real-time log collection via the Kace API.
For the sake of maintaining us as your customer, I implore you to please author a Splunk TA/APP and place it on splunkbase.com. We would be happy to help beta test this for you and It would assuage our Security Team's concerns with getting logging from the Kace system.
Additional information on Splunk's add-on development can be found at this link: https://docs.splunk.com/Documentation/AddonBuilder/3.0.1/UserGuide/NameProject
I foresee security eventually forcing us to move to another product if this isn't added. Every year the security audits seem to get stricter and stricter and it just doesn't make sense to keep creating risk acceptances for things like basic logging.
I hear you... you can dbxquery directly to the kace DB in order get some of the data needed for now.