DO NOT DELETE OR MODIFY THIS APP. This app is used for backend download tests.

URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution

The Splunk Technology Add-on for Unix and Linux works with the Splunk App for Unix and Linux to provide rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environment.

TESTING :) TEST WOW HOPE THIS WORKS

Consider using Splunk Add-on for Mobile Access in conjunction with Splunk Mobile App on your iOS or Android device to enhance your mobile interaction with your Splunk platform instance. The add-on is not required; you can use Splunk Mobile App without Splunk Mobile Add-on for Mobile. See Install Splunk Mobile App for instructions on how to download and log in to the app on your mobile device. This is the first release of Splunk Mobile Add-on for Mobile Access. Designed to work in conjunction with Splunk Mobile App, this add-on provides users with the ability to: * Notify mobile devices with mobile notifications (Apple Push Notification and Google Cloud Messaging) for Splunk alerts * Use single sign-on (SSO) credentials to log in to the app on a mobile device * Control which apps, dashboards, and reports display to users on a mobile device * Troubleshoot issues users may have access a Splunk platform instance from a mobile device

The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.

Splunkbase staging test for partner badging integration. Empty app package inside.

If the 13 visualizations that come packaged with Splunk are not applicable to your use case, this app might help. After installation you’ll find a Sankey diagram as an additional item in the visualization picker in Search and Dashboard. Sankey diagrams show metric flows and category relationships. You can use a Sankey diagram to visualize relationship density and trends. A Sankey diagram shows category nodes on vertical axes. Fluid lines show links between source and target categories. Link width indicates relationship strength between a source and target.

This app integrates with MalShare to provide several investigative actions

# Admin Pilot for Splunk (AP4S) Overview The Admin Pilot for Splunk (AP4S) is a comprehensive tool designed to enhance the management and operational efficiency of Splunk environments. AP4S stands out by offering detailed tracking and analysis across various facets of Splunk usage and performance, utilizing advanced machine learning techniques to forecast future licensing needs. This powerful app is an essential asset for any Splunk administrator aiming to optimize their implementation and gain deeper insights into their data. ## Key Features - **User Login and Usage Tracking**: Monitor how and when users interact with the Splunk environment. - **Knowledge Object Tracking**: Keep tabs on Dashboards, Macros, Eventtypes, Lookups, and more, ensuring they are used optimally. - **Index License and Size Tracking**: Stay ahead of license usage and manage data storage efficiently. - **Resource Consumption Monitoring**: Gain insights into the real and SVC resource usage to optimize performance. - **Search Performance Analysis**: Evaluate the efficiency of searches to improve speed and accuracy. - **KV Store Health**: Monitor the health of KV stores to prevent data loss or corruption. - **Data Source Analysis**: Analyze the performance and reliability of data sources to enhance data ingestion and processing. AP4S leverages machine learning to predict future license ingestion, enabling proactive management of licensing costs. It also stores valuable data for long-term analysis, often lost in typical scenarios, facilitating continuous benchmarking of the Splunk journey. ## Unique Advantages - **Audit Search Activity Dashboard**: A centerpiece of AP4S, this dashboard aggregates and normalizes search data from multiple internal sources, providing a seamless analysis across datasets. It is instrumental in correlating searches and tracking terminated jobs, especially when memory tracking is enabled. - **Enhanced Data Analysis**: By collecting data from various Splunk REST endpoints, AP4S enriches every dashboard it includes, offering unprecedented insights. - **Optimized for Efficiency**: With an accelerated data model, a summary index, and multiple KV stores, AP4S ensures rapid access to critical data. - **Reusable Macros**: A collection of over 140 macros facilitates customization and enhances the utility of custom dashboard development and ad-hoc searches. ## Ideal For The AP4S app is perfect for Splunk administrators who seek to: - Dissect any Splunk implementation thoroughly. - Conduct deep dive search analyses with extensive enrichments. - Simplify scheduled search skip analyses in both SHC and non-SHC environments. ## Conclusion By equipping Splunk administrators with detailed insights and predictive analytics, the Admin Pilot for Splunk (AP4S) app is an indispensable tool for maximizing the value of Splunk environments. Try AP4S today to revolutionize your Splunk administration and unlock the full potential of your data.

Testing sim addon for the staging environment. Sim addon helps to get data from olly into the splunk.

The Splunk App for VMware provides deep operational visibility into granular performance metrics, logs, tasks and events and topology from hosts, virtual machines and virtual centers. It empowers administrators with an accurate real-time picture of the health of the environment, proactively identifying performance and capacity bottlenecks. The latest release of the Splunk App for VMware provides enhanced visibility into the storage tier including built-in correlation and direct drill-downs into NetApp Data ONTAP storage systems. The results are holistic visibility, comprehensive analytics and faster problem resolution. THE SPLUNK APP FOR VMWARE IS AVAILABLE FOR A 60-DAY FREE TRIAL. If you wish to use the Splunk App for VMware beyond the trial, please contact your Splunk sales person. The Splunk App for VMware is compatible with Splunk 6.2.0 and above and VMware vSphere versions 4.1, 5.0, 5.0 Update 1, 5.1, 5.5, and 6.0. Easy Install Video Guide - https://www.youtube.com/watch?v=GgJUkh0eFH4

The Splunk ODBC Driver allows industry-standard connectivity between Splunk and Excel and Tableau Desktop. Keep your Splunk data where it is while manipulating and visualizing subsets of that data with ODBC-compatible programs.

The Splunk on Splunk Add-on is a collection of inputs for the Splunk on Splunk (SoS) app - http://www.splunk.com/goto/sos

The Use Case Explorer plays a vital role in guiding customers toward a more strategic utilization of Splunk, ensuring they are getting the maximum value from their investment. The app continuously assesses data sources, identifying ways to use existing data and bring attention to new use case opportunities. We like the cooking metaphor…The more ingredients, the more you can cook!

Splunk Enterprise Security gives teams the insight to quickly detect and respond to internal and external attacks, to simplify threat management while minimizing risk. ES helps teams gain organization-wide visibility and security intelligence for continuous monitoring, incident response, SOC operations, and providing executives a window into business risk. • Continuously Monitor: get a clear picture of security posture using pre-defined dashboards, key security and performance indicators, static & dynamic thresholds, and trending indicators • Prioritize and Act: optimize incident response workflows with alerts, centralized logs, and pre-defined reports and correlations • Conduct Rapid Investigations: use ad-hoc search and static, dynamic and visual correlations to detect malicious activities • Handle Multi-step Investigations: trace activities associated with compromised systems and apply the kill-chain methodology to see the attack lifecycle Splunk ES is a premium security solution requiring a paid license

The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.

The Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.

This app implements investigative actions to get information from the Censys search engine

This app integrates with AWS Lambda to perform lambda functions

This app integrates with ServiceNow to perform investigative and generic actions

This app integrates with AWS Simple Systems Manager (SSM) to remotely and securely manage the configuration of any EC2 instance or on-premise machine configured for SSM

This app integrates with AWS Inspector to perform security assessment actions

This app integrates with AWS Security Hub to ingest findings

This app integrates with AWS Elastic Compute Cloud (EC2) to perform virtualization actions

This app integrates with JIRA to perform several ticket management actions

This app provides IP geolocation with the included MaxMind database

This app integrates with Amazon Web Services Identity Access Management (AWS IAM) to support various containment, corrective and investigate actions

This app ingests emails from a mailbox in addition to supporting various investigative and containment actions on an Office 365 service

This app integrates with MalShare to provide several investigative actions

This app retrieves IOC reputation from Malware Domain List

This app implements various endpoint based investigative and containment actions by integrating with McAfee ePO

The Splunk Technology Add-on for Unix and Linux works with the Splunk App for Unix and Linux to provide rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environment.

The Splunk App for Unix and Linux provides rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environment. The Splunk App for Unix and Linux is easy to deploy and comes with configurable data inputs allowing you to quickly provision new Unix and Linux hosts and services. The Splunk App for Unix and Linux is compatible with Splunk 5.x and 6.x. The Splunk App for Unix and Linux is not supported on any version of Internet Explorer because it makes heavy use of scalable vector graphics (SVG), a standard for which IE has limited support. It can, however, be used on any other Splunk-supported browser.

The Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.

The Splunk App for Microsoft Windows ONLY works on Splunk 5.x systems. For similar functionality on Splunk 6 and later editions, please use the Splunk App for Windows Infrastructure: http://apps.splunk.com/app/1680/ The Splunk App for Windows provides examples of pre-built data inputs, searches, reports, alerts, and dashboards for Windows server and desktop management. You can monitor, manage, and troubleshoot Windows operating systems from one place. Included are scripted inputs for CPU, disk, I/O, memory, log, configuration, and user data, plus a web-based setup UI for indexing Windows Events Logs.

This app allows you to read data in Splunk buckets using 3rd-party Hadoop-based applications. When you use the Hunk archiving functionality to export your raw-data journal files to HDFS, you can immediately query and analyze that data via Hunk. But what if you want to also view that data via applications like Hive or Pig? This app provides Hadoop tool classes that allow you to do just that: * Provides classes that implement both the “old-style” and new “new-style” Hadoop interfaces, based on the org.apache.hadoop.mapred and org.apache.hadoop.mapreduce packages. * Provides access to index-time fields only — search-time fields are not available. * Lets you configure which fields are retrieved as keys and as values. * Formats returned data as TSV. After installing this app, open it in Hunk. The documentation tab will provide complete usage instructions, including examples.

The Splunk App for Windows Infrastructure provides examples of pre-built data inputs, searches, reports, and dashboards for Windows server and desktop management. You can monitor, manage, and troubleshoot Windows operating systems, including Active Directory elements, all from one place. Included are inputs for performance metrics, event logs, user and audit data. The app makes getting started with Splunk a breeze. The App also contains dashboards needed to monitor your Active Directory environment and allows for correlation opportunities from the Active Directory data back to the Operating System. A unique first-time run experience detects data you might already have to highlight areas for your specific environment. Host Monitoring, Print Monitoring, and Network Monitoring also light up new possibilities.

The Splunk 6.x Dashboard app delivers examples that give you a hands-on way to learn the basic concepts and tools needed to rapidly create rich dashboards using Simple XML. This new app incorporates learn-by-doing Simple XML examples, including extensions to Simple XML for further customization of layout, interactivity, and visualizations. With the app you will learn basic Simple XML concepts and how to incorporate the built-in components. All the included examples deliver a recipe for implementing dashboard elements, beginning with the most basic and progressing to more advanced elements. Each example in the app includes an actual runtime visualization followed by a description and supporting source code.

The Splunk Add-on for Microsoft Active Directory provides the necessary Active Directory knowledge objects for a Splunk App for Microsoft Exchange or Splunk App for Windows Infrastructure deployment. The add-on helps you better understand and get the most out of your Windows Server Active Directory or Microsoft Exchange environment. Download the add-on to integrate into your Splunk App for Microsoft Exchange or Windows Infrastructure deployment or use it to provide Active Directory data to your own Splunk app.

Splunk on Splunk (S.o.S) is an app that turns Splunk's diagnostic tools inward to analyze and troubleshoot problems in your Splunk environment. It contains views and tools that allow you to do the following: * View, search and compare Splunk configuration files. * Detect and expose errors and anomalies in your installation, including inspection of crash logs. * Measure indexing performance and expose event processing bottlenecks. * View details of scheduler and user-driven search activity. * Analyze data volume metrics captured by Splunk. The SoS app has been developed primarily by the Splunk Support team, with the help of Splunk Dev, Splunk Docs, and Sideview LLC (http://sideviewapps.com).

Real-time integration between Splunk Enterprise and relational databases--now with improved access control and support for IBM DB2 and SAP Sybase. Splunk DB Connect delivers reliable, scalable, real-time integration between Splunk Enterprise and relational databases. Integrate structured data from relational databases with data in Splunk Enterprise to drive deeper levels of analysis and operational intelligence. **DB Connect 1.2.1 is compatible with Java 7 or 8.** **DB Connect 1.1.7 or lower is compatible with Java 6 or 7.**

Currently there is no way for Splunk Support to add health checks to a customer's monitoring console. Instead the customer would reach out to Splunk Support, Splunk Support then decides to create new health checks, put them in the new release/patch build, and let the customer know. Problem here is that the turnaround time is too long for the customer, sometimes taking months to wait for the new release, if the requested health checks are added at all, and is a truly painful experience. Hence, we want to decouple new health check items from new releases and give customers the ability to get new health checks themselves without going through Splunk Support.

The Splunk App for VMware provides deep operational visibility into granular performance metrics, logs, tasks and events and topology from hosts, virtual machines and virtual centers. It empowers administrators with an accurate real-time picture of the health of the environment, proactively identifying performance and capacity bottlenecks. The latest release of the Splunk App for VMware provides enhanced visibility into the storage tier including built-in correlation and direct drill-downs into NetApp Data ONTAP storage systems. The results are holistic visibility, comprehensive analytics and faster problem resolution. THE SPLUNK APP FOR VMWARE IS AVAILABLE FOR A 60-DAY FREE TRIAL. If you wish to use the Splunk App for VMware beyond the trial, please contact your Splunk sales person. The Splunk App for VMware is compatible with Splunk 6.2.0 and above and VMware vSphere versions 4.1, 5.0, 5.0 Update 1, 5.1, 5.5, and 6.0. Easy Install Video Guide - https://www.youtube.com/watch?v=GgJUkh0eFH4

The Splunk Deployment Monitor App offers insight into your Splunk Deployment

*** THIS APP IS OFFICIALLY DEPRECATED *** As of Splunk 5.0, PDF generation is officially supported in the base platform, making this app no longer necessary for most PDF cases. The PDF Report Server add-on enables your Linux-based Splunk instance to generate emailed reports in PDF format. IMPORTANT: it is only compatible with Intel-based Linux systems and requires the Xvfb and xauth operating system packages to be installed. See the documentation for further details. Instances of Splunk running on non-Linux OS's (Solaris, Windows, etc.) cannot run the PDF Report Server, but they can be configured to use a remote Linux-based Splunk server with this add-on installed to generate PDFs. This add-on requires an Enterprise license and will not work with a Free license. For more information, see: http://www.splunk.com/base/Documentation/4.1/Installation/ConfigurePDFprintingforSplunkWeb

The Splunk Add-on for Cisco ASA allows a Splunk software administrator to map Cisco ASA devices, Cisco PIX, and Cisco FWSM events to the Splunk CIM. You can then use the data with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

The Splunk App for Microsoft Windows Active Directory ONLY works on Splunk 5.x systems. For similar functionality on Splunk 6 and later editions, please use the Splunk App for Windows Infrastructure: http://apps.splunk.com/app/1680/ The Splunk App for Microsoft Windows Active Directory gathers performance metrics, log files, and Powershell data from the domain controllers and DNS servers of a Microsoft Active Directory forest and its underlying infrastructure. It presents the data in a series of operational dashboards covering IT Operations, DNS Debugging, Security and Audit, and Change Management functionalities.

This app integrates with AWS S3 to perform investigative actions

This app integrates with AWS Lambda to perform lambda functions

This App allows for ticket management on Zendesk

This app integrates with ServiceNow to perform investigative and generic actions

This is the official app for IP Info used to query the various endpoints of IP Info

This app integrates with the Tenable.io API to provide endpoint-based investigative actions

This app implements investigative actions to get information from the Censys search engine

This ixia NPB App supports a variety of actions on the network packet broker platform. This App has been tested with Vision One

This app supports investigative actions against a Microsoft Azure SQL Server

This app interfaces with the Cisco Meraki cloud managed devices. The search string specified is used to match a value in the client MAC address or description field. The default dashboard URL is dashboard.meraki.com. The API Key is generated in your account profile. An account with read only privileges is acceptable.

Phantom app for Verodin

Integrates a variety of ThreatQ services into Phantom.

This app supports executing investigative and generic type of actions to convert the SOAR vault files to various formats

This app supports hunting and a variety of investigative actions, in addition to report ingestion, from the Accenture DeepSight Intelligence cyber security service

This app integrates with Alibaba Resource Access Management (Alibaba RAM) to support various containment, corrective, and investigate actions

This app integrates with Arbor Networks APS to execute containment and corrective actions