http://www.splunkbase.com/feed/apps.rss/All/Technologies/Security_Applications Latest SplunkBase Applications in category Security Applications erik Wed, 17 Dec 2008 02:26:36 +0000 http://www.splunkbase.com/apps/All/Technologies/Security_Applications/app:BSM+Audit+log+loader 9ddf0536d7b1a8d6cb7c41549017c269 This app will on an interval convert local audit logs to text while keeping track of the last time it ran as to not get duplicates. Run this app on a server that is running bsm to capture audit logs before they roll. Splunk Wed, 01 Oct 2008 22:28:16 +0000 http://www.splunkbase.com/apps/All/Technologies/Security_Applications/app:Splunk+for+Snare d1622685eb55d92d97a3d0883d347583 The Splunk for Snare application offers eventtypes and field extractions for Snare collecting Windows events. Splunk Wed, 20 Aug 2008 18:31:47 +0000 http://www.splunkbase.com/apps/All/Technologies/Security_Applications/app:Splunk+for+Snort c4de85d8c07f02e7aae87c5d2cf2f925 This application applies to Snort alert logs, bringing their field names into compliance with the Splunk interface standard (see http://www.splunkbase.com/howtos/Splunk/howto:Understanding_Splunk's_interface_standards). raffy Wed, 13 Aug 2008 21:53:02 +0000 http://www.splunkbase.com/apps/All/Technologies/Security_Applications/app:AfterGlow+Graphing 4f2e1c0df533194486f4ec74e385ed66 This new search processor enables the generation of link graphs through Splunk. Make sure you follow the instructions in the README (once installed, located in etc/apps/afterglow) to configure the application! rataide Thu, 10 Jul 2008 18:58:23 +0000 http://www.splunkbase.com/apps/All/Technologies/Security_Applications/app:Squid+Web+Proxy 28b667bd334e8ba8a3d4e9759d5b1d12 == Squid Application == This application will provide additional field extractions for Squid Proxy Server access_log files == Using Squid Application == At search time the following additional fields will be available: - duration - clientip - action - http_status - bytes - method - uri - proto - uri_host - uri_port - uri_path - username - hierarchy - server_ip - content_type Splunk Mon, 14 Jan 2008 18:30:11 +0000 http://www.splunkbase.com/apps/All/Technologies/Security_Applications/app:Netcache+fields%2C+inputs%2C+and+event+types 3dda8837097357ffcdb02b8489237812 This add-on normalizes Netcache fields so that other Splunk applications understand them. araitz Tue, 18 Dec 2007 19:25:57 +0000 http://www.splunkbase.com/apps/All/Technologies/Security_Applications/app:Sancp%7FSguil+Add-on 86554233c6f753ca862119b8d13bdb0e This bundle indexes sancp logs when sancp is patched with the sguil output patch, extracts the fields, then sends to a processor which converts the decimal IP addresses to dotted format. mfratto Mon, 01 Oct 2007 14:36:44 +0000 http://www.splunkbase.com/apps/All/Technologies/Security_Applications/app:Snort+fields 786e4729ca04060a32e4dee2ba912b4d Extracts snort 2.6 fields which can be used in reporting. araitz Fri, 28 Sep 2007 01:13:34 +0000 http://www.splunkbase.com/apps/All/Technologies/Security_Applications/app:Nmap+Scripted+Input+%26+Field+Extraction 94b5178420bfbcd37d4201914be5ac85 Want to put your Nmap output into Splunk? Check out this add-on, which will parse your grepable Nmap output into a scripted input and then perform some field extraction on the data. maverick Fri, 07 Sep 2007 04:20:12 +0000 http://www.splunkbase.com/apps/All/Technologies/Security_Applications/app:Nessus+Bundle 761b6685ad2bb1f397ab50934bd0affe This bundle extracts the common fields from a Nessus Vulnerability Scanner log file, such as the hostname, port, script id, and type. carasso Mon, 20 Aug 2007 01:23:57 +0000 http://www.splunkbase.com/apps/All/Technologies/Security_Applications/app:adds+support+for+anonymizing+log+files+at+index+time 68d72996a68ce809bc4d3c7b54916d9e anonymizes ip address as 127.0.0.1 (localhost); email addresses as user@domain.com ; social-security-numbers as 555-00-0000; password/passwd looking values as 'password' ; username/userid/login/user looking values as 'bob'.