Security Inputs Applications
Want to define new inputs for your Splunk server?
Input Applications let you download pre-made definitions for bringing even more data into your Splunk server. Or, you can share your own! Along with those definitions, since Applications allow you to include more than one type of content, you can roll together a complete solution for a particular situation or program.
Not a Splunk user? Download Splunk, set up your Splunk server, and then install your Applications(s) to extend your server.
Featured Application:
Splunk for Network Security
More...
- Recent
- |
- Highly Rated
- |
- Most Downloaded
Sancp/Sguil Add-on
This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, then sends to a processor which converts the decimal IP addresses to dotted format.
Splunk for Network Security
The Splunk Network Security application offers a set of reports, saved searches, and dashboards, as well as corresponding alerts that you can use to monitor your firewalls, intrusion detection and prevention systems, as well as operating systems.
Splunk for tcpdump
This application will allow you to collect data from a tcpdump standard output directly into Splunk, it will also perform the necessary field extractions based on the Common Information Model This application is compliant with the 3.3.x standard.
Script for database inputs
This script is designed to be used as a scripted input for data contained in database tables. Plese refer to the Splunk Admin guide for more information on configuring scripted inputs. The script has been successfully used in a number of deployments, and should work with Oracle, MySQL, and sybase databases as-is. Other database types can be added by installing the appropriate perl DBD module, and editing the script to configure for the new dbtype. In this version, all of the SQL code has been abstracted from the script, and all parameters including the query are passed as commandline arguments to the script.