This repository has been archived by the owner on Jul 18, 2022. It is now read-only.

Splunk Suggestion / Re-architecture / Enhancement #99

Open
mwilco03 opened this issue Feb 24, 2021 · 0 comments

Comments

@mwilco03
Contributor

Currently the Splunk config is set up in cron job style.
This is somewhat Rube Goldberg-ian and is ripe for simplification.
However, for lack of a better solution, I would submit this would be a plausible path forward.
By employing the webhook from twistlock, it will send a POST request to an endpoint.
In testing I have set up a Flask (Python) web server that, upon receiving a POST request (in this case from the webhook), fires off poll_incidents and poll_forensics and follows the rest of the configuration flow.
It could be deployed as a container alongside the current containers in twistlock.
Moreover, it could then have environment variables assigned, for example index, that could generate the files that come along with the app.
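An added illustration of the webhook-driven trigger described in this issue (not code from the issue or the project): a small receiver written against the Python standard library rather than Flask so it runs with no extra dependencies. The poll_incidents/poll_forensics bodies, the X-Webhook-Token header, the WEBHOOK_SECRET and SPLUNK_INDEX variables, and the payload shape are assumptions made for the example.

```python
import hmac
import json
import os
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed stand-ins for the app's poll_incidents / poll_forensics (assumed names).
def poll_incidents(index):
    return {"stage": "incidents", "index": index}

def poll_forensics(index):
    return {"stage": "forensics", "index": index}

def run_pipeline(index):
    """The 'rest of the configuration flow', reduced to the two poll steps."""
    return [poll_incidents(index), poll_forensics(index)]

_poll_lock = threading.Lock()  # one polling run at a time: a burst of webhooks must not stack runs

def handle_webhook(headers, body, secret, index, pipeline=run_pipeline):
    """Validate one webhook delivery; on success run the polling flow.
    Returns (http_status, pipeline_result_or_None)."""
    token = headers.get("X-Webhook-Token", "")  # assumed shared-secret header
    if not secret or not hmac.compare_digest(token, secret):  # constant-time compare
        return 401, None
    try:
        event = json.loads(body)
    except ValueError:
        return 400, None
    if not isinstance(event, dict):  # assumed: the payload is a JSON object
        return 400, None
    if not _poll_lock.acquire(blocking=False):
        return 409, None  # a run is already in progress; the caller may retry later
    try:
        return 202, pipeline(index)
    finally:
        _poll_lock.release()

class WebhookHandler(BaseHTTPRequestHandler):
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        status, _ = handle_webhook(self.headers, body,
                                   os.environ.get("WEBHOOK_SECRET"),
                                   os.environ.get("SPLUNK_INDEX", "main"))
        self.send_response(status)
        self.end_headers()

if __name__ == "__main__":
    HTTPServer(("0.0.0.0", 8080), WebhookHandler).serve_forever()
```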

@mwilco03 mwilco03 changed the title Suggestion / Re-architecture / Enhancement Splunk Suggestion / Re-architecture / Enhancement Feb 24, 2021