2010-02-09T12:45:37+00:00 http://www.splunkbase.com/api/apps/entries/?category=Compliance 5 10 1 2009-10-15T21:35:43+00:00 http://www.splunkbase.com/api/apps/entries/Encrypt+and+Decrypt+data+within+Events ndoshi 111 ndoshi nimish@splunk.com 2009-10-07T17:23:55+00:00 2009-10-15T21:35:43+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Encrypt+and+Decrypt+data+within+Events 1.0.1 Search Commands Inputs Custom Processing No Data 1 1 http://www.splunkbase.com/apps/Encrypt+and+Decrypt+data+within+Events http://www.splunkbase.com/apps:screenshot/original/Encrypt+and+Decrypt+data+within+Events/icon.jpg 36 36 0 0 0 0 0 0 3.0.0 4.999.999

The purpose of this distribution is to create an easy way to encrypt data within events and decrypt data at search time depending on the role. The distribution uses pyDes available at http://twhiteman.netfirms.com/des.html The basic idea is to first encrypt data within an event and produce a new file with the same content as before, but with the data matching group(1) in a regular expression encrypted and saved on disk using base64. The next thing to do is index the newly required file into Splunk with a sourcetype. At search time, you will then be able to decrypt the data within the event based on your role's ability to run the supplied decrypt command. Read the README.txt for installation and usage.

2009-06-17T21:19:00+00:00 http://www.splunkbase.com/api/apps/entries/Splunk+for+OSSEC elazar 1988 elazar 2009-02-16T18:24:43+00:00 2009-06-17T21:19:00+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Splunk+for+OSSEC 0.4.3 Fields Event Types 4.0 6 1 http://www.splunkbase.com/apps/Splunk+for+OSSEC 0 0 http://www.splunkbase.com/apps:screenshot/original/Splunk+for+OSSEC/screenshot.jpg 191 81 http://www.splunkbase.com/apps:screenshot/scaled/Splunk+for+OSSEC/screenshot.jpg 640 271 http://www.splunkbase.com/apps:screenshot/thumb/Splunk+for+OSSEC/screenshot.jpg 118 50 3.0.0 3.999.999

Field extraction for OSSEC HIDS(http://www.ossec.net)

2009-03-23T23:06:28+00:00 http://www.splunkbase.com/api/apps/entries/Splunk+for+PCI+for+Splunk+3.x Splunk 5031 Splunk 2008-01-11T00:03:07+00:00 2009-03-23T23:06:28+00:00 Email sales@splunk.com for pricing Contact Splunk For Trial http://www.splunkbase.com/apps:license/Splunk+for+PCI+for+Splunk+3.x for Splunk 3.3 and 3.4 Searches Reports Event Types Alerts 4.5 6 0 http://www.splunkbase.com/apps/Splunk+for+PCI+for+Splunk+3.x 0 0 http://www.splunkbase.com/apps:screenshot/original/Splunk+for+PCI+for+Splunk+3.x/screenshot.jpg 120 75 http://www.splunkbase.com/apps:screenshot/scaled/Splunk+for+PCI+for+Splunk+3.x/screenshot.jpg 640 400 http://www.splunkbase.com/apps:screenshot/thumb/Splunk+for+PCI+for+Splunk+3.x/screenshot.jpg 117 73 3.0.0.0 3.999.999

The Splunk PCI application offers over 57 reports, more than 91 saved searches, a dashboard, and corresponding alerts you can use to satisfy PCI requirements such as secure remote access, file integrity monitoring, secure log collection, daily log review, audit trail retention, and PCI control reporting.

2008-10-23T23:50:16+00:00 http://www.splunkbase.com/api/apps/entries/Script+for+database+inputs rcarney 3152 rcarney 2008-10-23T23:50:16+00:00 2008-10-23T23:50:16+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Script+for+database+inputs 0.1 Scripted Inputs Integration Inputs Custom Processing 3.5 4 1 http://www.splunkbase.com/apps/Script+for+database+inputs 0 0 0 0 0 0 0 0 3.0.0.0 3.999.999

This script is designed to be used as a scripted input for data contained in database tables. Plese refer to the Splunk Admin guide for more information on configuring scripted inputs. The script has been successfully used in a number of deployments, and should work with Oracle, MySQL, and sybase databases as-is. Other database types can be added by installing the appropriate perl DBD module, and editing the script to configure for the new dbtype. In this version, all of the SQL code has been abstracted from the script, and all parameters including the query are passed as commandline arguments to the script.

2007-09-07T04:18:53+00:00 http://www.splunkbase.com/api/apps/entries/Negative+Searching+Demo+Bundle maverick 753 maverick 2007-08-13T04:17:04+00:00 2007-09-07T04:18:53+00:00 Free Creative Commons http://www.splunkbase.com/apps:license/Negative+Searching+Demo+Bundle 1.0 Searches Reports Inputs Fields Alerts No Data 1 1 http://www.splunkbase.com/apps/Negative+Searching+Demo+Bundle 0 0 0 0 0 0 0 0 3.0.0.0 3.999.999

This bundle, created jointly by Maverick and Stephen Sorkin, demonstrates a way to perform negative searches by indexing known patterns and catching anomalous patterns into a separate index.