The Splunk Add-on for Imperva SecureSphere WAF allows a Splunk software administrator to pull system logs and traffic statistics from Imperva SecureSphere Web Application Firewall (WAF) using syslog. After the Splunk platform indexes the events, you can consume the data using the prebuilt dashboard panels included with the add-on. This add-on provides the CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

Test search test develop

The Splunk App for Chargeback aids customers in understand Splunk Virtual Compute (SVC) usage categorized by business units and departments, utilizing the identical SVC usage data available in the Cloud Monitoring Console (CMC) App within the customer's stack.

The Splunk Dashboards app (beta) provides a new visual editing experience for building and customizing dashboards. Some highlights of what you can do with the UI:

Provide a brief overview of the problem or situation the app is intended to address. Compel users to try the app by providing supporting motivation and a clear problem statement.

This app supports containment actions like 'block ip' or 'unblock ip' using the A10 Lightning Application Delivery System (LADS).

Consider using Splunk Add-on for Mobile Access in conjunction with Splunk Mobile App on your iOS or Android device to enhance your mobile interaction with your Splunk platform instance.

Short Introduction Provide a brief overview of the problem or situation the app is intended to address. Compel users to try the app by providing supporting motivation and a clear problem statement. Learn more

*** THIS APP IS OFFICIALLY DEPRECATED ***

The Splunk on Splunk Add-on is a collection of inputs for the Splunk on Splunk (SoS) app - http://www.splunk.com/goto/sos

The Splunk Add-on for Cisco UCS allows a Splunk® Enterprise administrator to collect UCS fault, inventory, and performance data from Cisco UCS servers using the UCS API. After Splunk Enterprise indexes the events, you can analyze the data using the prebuilt dashboard panels included with the add-on. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.

The Splunk Add-on for Amazon Web Services allows a Splunk® software administrator to collect events, alerts, performance metrics, configuration snapshots, and billing information from the CloudWatch, CloudTrail, and Config services. It can also gather log data from CloudWatch Logs, including VPC Flow Logs, and AWS billing reports and generic log files from S3 buckets. This add-on provides modular inputs and CIM-compatible knowledge to use with other Splunk apps, such as the Splunk App for AWS and Splunk Enterprise Security.

sendresults is an immensely powerful, life-changing Splunk command developed by Discovered Intelligence, that allows you to send tabulated search results to individuals dynamically, based upon the data within the results. This means that you no longer need to hardcode an email into the search, but can evaluate the email instead.

Provides a modular input and search command that query your Splunk Infrastructure Monitoring instance to retrieve metrics and event data.

The Splunk Infrastructure Monitoring Add-on provides the following features to ingest Infrastructure Monitoring metrics and event data into Splunk.

Short Introduction Provide a brief overview of the problem or situation the app is intended to address. Compel users to try the app by providing supporting motivation and a clear problem statement. Learn more

The Splunk Add-on for Cisco WSA allows a Splunk® software administrator to collect Cisco Web Security Appliance (WSA) access and L4TM log data. You can analyze these logs directly or use them as a contextual data source to correlate with other communication and authentication data in the Splunk platform. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

The Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.

The Splunk Add-on for Microsoft Hyper-V allows a Splunk® Enterprise administrator to collect inventory, performance, and alert information from Microsoft Hyper-V environments. You can then directly analyze the data or use it as a contextual data feed to correlate with other data in Splunk Enterprise. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.

The Splunk Add-on for McAfee Web Gateway allows a Splunk software administrator to collect logs from McAfee Web Gateway appliance using syslog. This add-on provides the CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.

This app implements investigative actions to get information from the Censys search engine

This app integrates with AWS Lambda to perform lambda functions

This app integrates with ServiceNow to perform investigative and generic actions

This app integrates with AWS Simple Systems Manager (SSM) to remotely and securely manage the configuration of any EC2 instance or on-premise machine configured for SSM

This app integrates with AWS Inspector to perform security assessment actions

This app integrates with AWS Security Hub to ingest findings

This app integrates with AWS Elastic Compute Cloud (EC2) to perform virtualization actions

This app integrates with JIRA to perform several ticket management actions

This app provides IP geolocation with the included MaxMind database

This app integrates with Amazon Web Services Identity Access Management (AWS IAM) to support various containment, corrective and investigate actions

This app ingests emails from a mailbox in addition to supporting various investigative and containment actions on an Office 365 service

The Splunk Technology Add-on for Unix and Linux works with the Splunk App for Unix and Linux to provide rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environment.

The Splunk App for Unix and Linux provides rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environment.

The Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.

The Splunk App for Microsoft Windows ONLY works on Splunk 5.x systems. For similar functionality on Splunk 6 and later editions, please use the Splunk App for Windows Infrastructure: http://apps.splunk.com/app/1680/

This app allows you to read data in Splunk buckets using 3rd-party Hadoop-based applications. When you use the Hunk archiving functionality to export your raw-data journal files to HDFS, you can immediately query and analyze that data via Hunk.

The Splunk 6.x Dashboard app delivers examples that give you a hands-on way to learn the basic concepts and tools needed to rapidly create rich dashboards using Simple XML. This new app incorporates learn-by-doing Simple XML examples, including extensions to Simple XML for further customization of layout, interactivity, and visualizations.

The Splunk App for Windows Infrastructure provides examples of pre-built data inputs, searches, reports, and dashboards for Windows server and desktop management. You can monitor, manage, and troubleshoot Windows operating systems, including Active Directory elements, all from one place.

The Splunk Add-on for Microsoft Active Directory provides the necessary Active Directory knowledge objects for a Splunk App for Microsoft Exchange or Splunk App for Windows Infrastructure deployment. The add-on helps you better understand and get the most out of your Windows Server Active Directory or Microsoft Exchange environment. Download the add-on to integrate into your Splunk App for Microsoft Exchange or Windows Infrastructure deployment or use it to provide Active Directory data to your own Splunk app.

Currently there is no way for Splunk Support to add health checks to a customer's monitoring console. Instead the customer would reach out to Splunk Support, Splunk Support then decides to create new health checks, put them in the new release/patch build, and let the customer know. Problem here is that the turnaround time is too long for the customer, sometimes taking months to wait for the new release, if the requested health checks are added at all, and is a truly painful experience. Hence, we want to decouple new health check items from new releases and give customers the ability to get new health checks themselves without going through Splunk Support.

Splunk on Splunk (S.o.S) is an app that turns Splunk's diagnostic tools inward to analyze and troubleshoot problems in your Splunk environment. It contains views and tools that allow you to do the following: * View, search and compare Splunk configuration files. * Detect and expose errors and anomalies in your installation, including inspection of crash logs. * Measure indexing performance and expose event processing bottlenecks. * View details of scheduler and user-driven search activity. * Analyze data volume metrics captured by Splunk. The SoS app has been developed primarily by the Splunk Support team, with the help of Splunk Dev, Splunk Docs, and Sideview LLC (http://sideviewapps.com).

Real-time integration between Splunk Enterprise and relational databases--now with improved access control and support for IBM DB2 and SAP Sybase.

The Splunk App for VMware provides deep operational visibility into granular performance metrics, logs, tasks and events and topology from hosts, virtual machines and virtual centers. It empowers administrators with an accurate real-time picture of the health of the environment, proactively identifying performance and capacity bottlenecks.

The Splunk Deployment Monitor App offers insight into your Splunk Deployment

*** THIS APP IS OFFICIALLY DEPRECATED ***

The Splunk Add-on for Cisco ASA allows a Splunk software administrator to map Cisco ASA devices, Cisco PIX, and Cisco FWSM events to the Splunk CIM. You can then use the data with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

The Splunk App for Microsoft Windows Active Directory ONLY works on Splunk 5.x systems. For similar functionality on Splunk 6 and later editions, please use the Splunk App for Windows Infrastructure: http://apps.splunk.com/app/1680/

This app integrates with AWS S3 to perform investigative actions

This app integrates with AWS Lambda to perform lambda functions

This App allows for ticket management on Zendesk

This app implements investigative actions to get information from the Censys search engine

This app integrates with ServiceNow to perform investigative and generic actions

This is the official app for IP Info used to query the various endpoints of IP Info

This app integrates with the Tenable.io API to provide endpoint-based investigative actions

This ixia NPB App supports a variety of actions on the network packet broker platform. This App has been tested with Vision One

This app supports investigative actions against a Microsoft Azure SQL Server

This app interfaces with the Cisco Meraki cloud managed devices. The search string specified is used to match a value in the client MAC address or description field. The default dashboard URL is dashboard.meraki.com. The API Key is generated in your account profile. An account with read only privileges is acceptable.

Phantom app for Verodin

Integrates a variety of ThreatQ services into Phantom.

This app supports executing investigative and generic type of actions to convert the SOAR vault files to various formats

This app supports hunting and a variety of investigative actions, in addition to report ingestion, from the Accenture DeepSight Intelligence cyber security service

This app integrates with Alibaba Resource Access Management (Alibaba RAM) to support various containment, corrective, and investigate actions

This app integrates with Arbor Networks APS to execute containment and corrective actions