Security Applications Fields Applications

Want to custom-define fields in your events?

Field Applications let you download field definitions to install in your Splunk server, or share fields you made yourself! Even better, an Application can have more than one type of content, so you can add fields to any Application.

Not a Splunk user? Download Splunk, set up your Splunk server, and then install your Applications(s) to extend your server.

Nessus Bundle

This bundle extracts the common fields from a Nessus Vulnerability Scanner log file, such as the hostname, port, script id, and type.

Author: maverick Type: Fields, Alerts, Reports, Searches
Rating: Awaiting 3 votes Added: 16 months ago
Downloads: 421 Last Updated: 15 months ago
License: Creative Commons Price: Free
Categories:

adds support for anonymizing log files at index time

anonymizes ip address as 127.0.0.1 (localhost); email addresses as user@domain.com ; social-security-numbers as 555-00-0000; password/passwd looking values as 'password' ; username/userid/login/user looking values as 'bob'.

Author: carasso Type: Custom Processing, Fields
Rating: Awaiting 3 votes Added: 16 months ago
Downloads: 72 Last Updated: 16 months ago
License: Creative Commons Price: Free
Categories:

Snort fields

Extracts snort 2.6 fields which can be used in reporting.

Author: mfratto Type: Fields
Rating: Awaiting 3 votes Added: 15 months ago
Downloads: 200 Last Updated: 14 months ago
License: Creative Commons Price: Free
Categories:
Screenshot

Nmap Scripted Input & Field Extraction

Want to put your Nmap output into Splunk? Check out this add-on, which will parse your grepable Nmap output into a scripted input and then perform some field extraction on the data.

Author: araitz Type: Scripted Inputs, Fields
Rating: Awaiting 3 votes Added: 14 months ago
Downloads: 258 Last Updated: 14 months ago
License: Creative Commons Price: Free
Categories:

Netcache fields, inputs, and event types

This add-on normalizes Netcache fields so that other Splunk applications understand them.

Author: Splunk Type: Inputs, Fields, Event Types
Rating: Awaiting 3 votes Added: 11 months ago
Downloads: 32 Last Updated: 11 months ago
License: Creative Commons Price: Free
Categories:
Screenshot

Splunk for Snort

This application applies to Snort alert logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards).

Author: Splunk Type: Inputs, Fields, Event Types
Rating: Awaiting 3 votes Added: 11 months ago
Downloads: 600 Last Updated: 4 months ago
License: Creative Commons Price: Free
Categories:

Splunk for Snare

The Splunk for Snare application offers eventtypes and field extractions for Snare collecting Windows events.

Author: Splunk Type: Inputs, Fields, Event Types
Rating: Awaiting 3 votes Added: 11 months ago
Downloads: 1,047 Last Updated: 2 months ago
License: Creative Commons Price: Free
Categories:

Squid Web Proxy

== Squid Application == This application will provide additional field extractions for Squid Proxy Server access_log files == Using Squid Application == At search time the following additional fields will be available: - duration - clientip - action - http_status - bytes - method - uri - proto - uri_host - uri_port - uri_path - username - hierarchy - server_ip - content_type

Author: rataide Type: Fields
Rating: Awaiting 3 votes Added: 6 months ago
Downloads: 273 Last Updated: 5 months ago
License: Creative Commons Price: Free
Categories: