Security Applications

Not a Splunk user? Download Splunk, set up your Splunk server, and then install your application(s) to extend your server.


AfterGlow Graphing

This new search processor enables the generation of link graphs through Splunk. Make sure you follow the instructions in the README (once installed, located in etc/apps/afterglow) to configure the application!

Author: raffy Type: Searches, Search Commands, Event Actions
Rating: (3 votes)
Added: 16 months ago
Downloads: 2,529 Last Updated: 4 months ago
License: Creative Commons Price: Free

Nessus Bundle

This bundle extracts the common fields from a Nessus Vulnerability Scanner log file, such as the hostname, port, script id, and type.

Author: maverick Type: Fields, Alerts, Reports, Searches
Rating: Awaiting 3 votes Added: 16 months ago
Downloads: 421 Last Updated: 15 months ago
License: Creative Commons Price: Free

Adds support for anonymizing log files at index time.

Anonymizes IP addresses as 127.0.0.1 (localhost), email addresses as user@domain.com, social security numbers as 555-00-0000, password/passwd-looking values as 'password', and username/userid/login/user-looking values as 'bob'.

Author: carasso Type: Custom Processing, Fields
Rating: Awaiting 3 votes Added: 16 months ago
Downloads: 72 Last Updated: 16 months ago
License: Creative Commons Price: Free

Snort fields

Extracts Snort 2.6 fields which can be used in reporting.

Author: mfratto Type: Fields
Rating: Awaiting 3 votes Added: 15 months ago
Downloads: 200 Last Updated: 14 months ago
License: Creative Commons Price: Free

Nmap Scripted Input & Field Extraction

Want to put your Nmap output into Splunk? Check out this add-on, which will parse your grepable Nmap output into a scripted input and then perform some field extraction on the data.

Author: araitz Type: Scripted Inputs, Fields
Rating: Awaiting 3 votes Added: 14 months ago
Downloads: 257 Last Updated: 14 months ago
License: Creative Commons Price: Free

Sancp/Sguil Add-on

This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, then sends them to a processor which converts the decimal IP addresses to dotted format.

Author: araitz Type: Inputs, Custom Processing
Rating: Awaiting 3 votes Added: 12 months ago
Downloads: 31 Last Updated: 12 months ago
License: Creative Commons Price: Free

Netcache fields, inputs, and event types

This add-on normalizes Netcache fields so that other Splunk applications understand them.

Author: Splunk Type: Inputs, Fields, Event Types
Rating: Awaiting 3 votes Added: 11 months ago
Downloads: 32 Last Updated: 11 months ago
License: Creative Commons Price: Free

Splunk for Snort

This application applies to Snort alert logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).

Author: Splunk Type: Inputs, Fields, Event Types
Rating: Awaiting 3 votes Added: 11 months ago
Downloads: 599 Last Updated: 4 months ago
License: Creative Commons Price: Free

Splunk for Snare

The Splunk for Snare application offers event types and field extractions for Windows events collected by Snare.

Author: Splunk Type: Inputs, Fields, Event Types
Rating: Awaiting 3 votes Added: 11 months ago
Downloads: 1,045 Last Updated: 2 months ago
License: Creative Commons Price: Free

Squid Web Proxy

== Squid Application ==

This application will provide additional field extractions for Squid Proxy Server access_log files.

== Using Squid Application ==

At search time the following additional fields will be available:

- duration
- clientip
- action
- http_status
- bytes
- method
- uri
- proto
- uri_host
- uri_port
- uri_path
- username
- hierarchy
- server_ip
- content_type

Author: rataide Type: Fields
Rating: Awaiting 3 votes Added: 6 months ago
Downloads: 272 Last Updated: 5 months ago
License: Creative Commons Price: Free