Security Applications

Not a Splunk user? Download Splunk, set up your Splunk server, and then install your Application(s) to extend your server.


AfterGlow Graphing

This new search processor enables the generation of link graphs through Splunk. Make sure you follow the instructions in the README (once installed, located in etc/apps/afterglow) to configure the application!

Author: raffy Type: Searches, Search Commands, Event Actions
Rating:
(3 votes)
Added: 23 months ago
Downloads: 3,130 Last Updated: 11 months ago
License: Creative Commons Price: Free

Splunk for Use with F5 Networks Solutions

Working with F5, we have built our first Splunk for F5 application, which contains saved searches, reports, and dashboards for the F5 application firewall (ASM) and FirePass logs. A Splunk globe application is included, configured to plot the location of attackers logged in the ASM data, together with violation and web application information.

Author: will Type: Searches, Reports, Fields, Event Types, Event Actions, Alerts
Rating:
(7 votes)
Added: 9 months ago
Downloads: 384 Last Updated: 4 months ago
License: Creative Commons Price: Free

Splunk for OSSEC

Field extractions for the OSSEC HIDS (http://www.ossec.net).

Author: elazar Type: Fields, Event Types
Rating:
(3 votes)
Added: 5 months ago
Downloads: 427 Last Updated: 16 days ago
License: Creative Commons Price: Free

Script for database inputs

This script is designed to be used as a scripted input for data contained in database tables. Please refer to the Splunk Admin guide for more information on configuring scripted inputs. The script has been successfully used in a number of deployments and should work with Oracle, MySQL, and Sybase databases as-is. Other database types can be added by installing the appropriate Perl DBD module and editing the script to configure it for the new dbtype. In this version, all of the SQL code has been abstracted out of the script, and all parameters, including the query, are passed to the script as command-line arguments.

Author: rcarney Type: Scripted Inputs, Integration, Inputs, Custom Processing
Rating:
(4 votes)
Added: 8 months ago
Downloads: 915 Last Updated: 8 months ago
License: Creative Commons Price: Free

Splunk for Network Security

The Splunk Network Security application offers a set of reports, saved searches, and dashboards, together with corresponding alerts, that you can use to monitor your firewalls, intrusion detection and prevention systems, and operating systems.

Author: Splunk Type: Searches, Reports, Inputs, Fields, Event Types, Alerts
Rating:
(3 votes)
Added: 10 months ago
Downloads: 4,677 Last Updated: 4 months ago
License: Creative Commons Price: Free

Common Event Format - Field Extractions

CEF, the Common Event Format, is an event interoperability standard that defines a common syntax for communication among log-generating devices and applications. This is an add-on that extracts the fields of CEF messages.

Author: raffy Type: Fields
Rating: Awaiting 3 votes Added: 19 months ago
Downloads: 378 Last Updated: 2 months ago
License: Creative Commons Price: Free

Sancp/Sguil Add-on

This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, and then sends them to a processor that converts the decimal IP addresses to dotted format.

Author: araitz Type: Inputs, Custom Processing
Rating: Awaiting 3 votes Added: 19 months ago
Downloads: 45 Last Updated: 19 months ago
License: Creative Commons Price: Free

Sonicwall Firewall

This bundle performs field extractions for the SonicWALL TZ 170 without the UTM/IDS modules.

Author: araitz Type: Fields
Rating: Awaiting 3 votes Added: 19 months ago
Downloads: 238 Last Updated: 19 months ago
License: Creative Commons Price: Free

Syslog Priority Decoder

This search script converts the syslog priority value into the corresponding severity and facility.

Author: kbains Type: Search Commands
Rating: Awaiting 3 votes Added: 13 months ago
Downloads: 326 Last Updated: 13 months ago
License: Creative Commons Price: Free

Splunk for tcpdump

This application lets you collect tcpdump standard output directly into Splunk and performs the necessary field extractions based on the Common Information Model. This application is compliant with the 3.3.x standard.

Author: rataide Type: Scripted Inputs, Inputs, Fields
Rating: Awaiting 3 votes Added: 10 months ago
Downloads: 635 Last Updated: 10 months ago
License: Creative Commons Price: Free

Splunk for Windows Firewall

Splunk for Windows Firewall provides field extractions, event types, and saved searches for Windows firewall logs.

Author: canuck Type: Reports, Fields, Event Types, Searches
Rating: Awaiting 3 votes Added: 7 months ago
Downloads: 336 Last Updated: 7 months ago
License: Creative Commons Price: Free

IP2Location - GeoIP Lookups

Provides IP-to-location lookup support via a free GeoIP API. Please see the README for the non-trivial installation instructions. Latest changes (see CHANGELOG for full details):

* Enhancement: Added a switch ["-nodns"|"nodns"] to disable name resolution. Usage: ....| geoip -nodns dest_ip
* Enhancement: Now only real RFC 1918 (private) IPs have the city populated with "RFC/1918"; other IPs with no resolution revert to "Unknown".

Author: rataide Type: Search Commands
Rating: Awaiting 3 votes Added: 5 months ago
Downloads: 290 Last Updated: 5 months ago
License: Creative Commons Price: Free

Splunk for use with Palo Alto Networks

Splunk and Palo Alto Networks have developed an application that gives users fingertip access to the wealth of information on applications, users, and content that Palo Alto Networks next-generation firewalls generate. The evolution of the application and threat landscape has resulted in a loss of visibility and control over applications, users, and content. This loss of visibility and control exposes enterprises to business risks including network downtime, increased operational expenses, and data loss through unauthorized data transfer.

Author: will Type: Searches, Reports, Fields
Rating: Awaiting 3 votes Added: 5 months ago
Downloads: 55 Last Updated: 5 months ago
License: Creative Commons Price: Free

Dante SOCKS Proxy

This App implements field extractions compatible with Splunk's Common Information Model, plus event types, for Dante SOCKS Proxy logs. It is useful as a complement to other Apps.

Author: rataide Type: Fields, Event Types
Rating: Awaiting 3 votes Added: 5 months ago
Downloads: 8 Last Updated: 5 months ago
License: Creative Commons Price: Free

SS5 SOCKS Proxy

This App implements field extractions compatible with Splunk's Common Information Model for SS5 SOCKS Proxy logs. It is useful as a complement to other Apps.

Author: rataide Type: Fields
Rating: Awaiting 3 votes Added: 5 months ago
Downloads: 11 Last Updated: 5 months ago
License: Creative Commons Price: Free