Testing sim addon for the staging environment. Sim addon helps to get data from olly into the splunk.

The Splunk Add-on for Box allows a Splunk Enterprise administrator to collect data from Box and monitor Box events in near real time. The add-on can collect the following data via the Box REST APIs: * enterprise events * metadata about files and folders * user and user group data * collaboration data for folders * tasks data for files

Searchbase is a search repository that users will consult with when using Splunk on a day to day basis. Users will benefit from all the searches contained in Searchbase for inspiration, instant recall, point and click execution, analysis, and prescriptive information provided. Users can even store their own searches in Splunk! No more looking for all your splunk searches in notepad files scattered around your workplace!

The Splunk Technology Add-on for Unix and Linux works with the Splunk App for Unix and Linux to provide rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environment.

DO NOT DELETE OR MODIFY THIS APP.

Real-time integration between Splunk Enterprise and relational databases--now with improved access control and support for IBM DB2 and SAP Sybase.

Splunk on Splunk (S.o.S) is an app that turns Splunk's diagnostic tools inward to analyze and troubleshoot problems in your Splunk environment. It contains views and tools that allow you to do the following: * View, search and compare Splunk configuration files. * Detect and expose errors and anomalies in your installation, including inspection of crash logs. * Measure indexing performance and expose event processing bottlenecks. * View details of scheduler and user-driven search activity. * Analyze data volume metrics captured by Splunk. The SoS app has been developed primarily by the Splunk Support team, with the help of Splunk Dev, Splunk Docs, and Sideview LLC (http://sideviewapps.com).

The Splunk App for Microsoft Windows Active Directory ONLY works on Splunk 5.x systems. For similar functionality on Splunk 6 and later editions, please use the Splunk App for Windows Infrastructure: http://apps.splunk.com/app/1680/

Splunk Enterprise Security gives teams the insight to quickly detect and respond to internal and external attacks, to simplify threat management while minimizing risk. ES helps teams gain organization-wide visibility and security intelligence for continuous monitoring, incident response, SOC operations, and providing executives a window into business risk.

Splunk IT Service Intelligence is a monitoring solution that offers an innovative, machine-data driven approach to provide comprehensive visibility into operational health and key performance indicators of IT services and the infrastructure that underpins it.

Overview

Splunk Enterprise Security gives teams the insight to quickly detect and respond to internal and external attacks, to simplify threat management while minimizing risk. ES helps teams gain organization-wide visibility and security intelligence for continuous monitoring, incident response, SOC operations, and providing executives a window into business risk.

The Splunk App for Windows Infrastructure provides examples of pre-built data inputs, searches, reports, and dashboards for Windows server and desktop management. You can monitor, manage, and troubleshoot Windows operating systems, including Active Directory elements, all from one place.

# Admin Pilot for Splunk (AP4S) Overview

The Splunk Add-on for Microsoft Hyper-V allows a Splunk® Enterprise administrator to collect inventory, performance, and alert information from Microsoft Hyper-V environments. You can then directly analyze the data or use it as a contextual data feed to correlate with other data in Splunk Enterprise. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.

The Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.

The Splunk Add-on for Microsoft Hyper-V allows a Splunk® Enterprise administrator to collect inventory, performance, and alert information from Microsoft Hyper-V environments. You can then directly analyze the data or use it as a contextual data feed to correlate with other data in Splunk Enterprise. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.

The Splunk Add-on for McAfee Web Gateway allows a Splunk software administrator to collect logs from McAfee Web Gateway appliance using syslog. This add-on provides the CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.

This app implements investigative actions to get information from the Censys search engine

This app integrates with AWS Lambda to perform lambda functions

This app integrates with ServiceNow to perform investigative and generic actions

This app integrates with AWS Simple Systems Manager (SSM) to remotely and securely manage the configuration of any EC2 instance or on-premise machine configured for SSM

This app integrates with AWS Inspector to perform security assessment actions

This app integrates with AWS Security Hub to ingest findings

This app integrates with AWS Elastic Compute Cloud (EC2) to perform virtualization actions

This app integrates with JIRA to perform several ticket management actions

This app provides IP geolocation with the included MaxMind database

This app integrates with Amazon Web Services Identity Access Management (AWS IAM) to support various containment, corrective and investigate actions

This app ingests emails from a mailbox in addition to supporting various investigative and containment actions on an Office 365 service

This app integrates with MalShare to provide several investigative actions

The Splunk Technology Add-on for Unix and Linux works with the Splunk App for Unix and Linux to provide rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environment.

The Splunk App for Unix and Linux provides rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environment.

The Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.

The Splunk App for Microsoft Windows ONLY works on Splunk 5.x systems. For similar functionality on Splunk 6 and later editions, please use the Splunk App for Windows Infrastructure: http://apps.splunk.com/app/1680/

This app allows you to read data in Splunk buckets using 3rd-party Hadoop-based applications. When you use the Hunk archiving functionality to export your raw-data journal files to HDFS, you can immediately query and analyze that data via Hunk.

The Splunk 6.x Dashboard app delivers examples that give you a hands-on way to learn the basic concepts and tools needed to rapidly create rich dashboards using Simple XML. This new app incorporates learn-by-doing Simple XML examples, including extensions to Simple XML for further customization of layout, interactivity, and visualizations.

The Splunk App for Windows Infrastructure provides examples of pre-built data inputs, searches, reports, and dashboards for Windows server and desktop management. You can monitor, manage, and troubleshoot Windows operating systems, including Active Directory elements, all from one place.

The Splunk Add-on for Microsoft Active Directory provides the necessary Active Directory knowledge objects for a Splunk App for Microsoft Exchange or Splunk App for Windows Infrastructure deployment. The add-on helps you better understand and get the most out of your Windows Server Active Directory or Microsoft Exchange environment. Download the add-on to integrate into your Splunk App for Microsoft Exchange or Windows Infrastructure deployment or use it to provide Active Directory data to your own Splunk app.

Splunk on Splunk (S.o.S) is an app that turns Splunk's diagnostic tools inward to analyze and troubleshoot problems in your Splunk environment. It contains views and tools that allow you to do the following: * View, search and compare Splunk configuration files. * Detect and expose errors and anomalies in your installation, including inspection of crash logs. * Measure indexing performance and expose event processing bottlenecks. * View details of scheduler and user-driven search activity. * Analyze data volume metrics captured by Splunk. The SoS app has been developed primarily by the Splunk Support team, with the help of Splunk Dev, Splunk Docs, and Sideview LLC (http://sideviewapps.com).

Currently there is no way for Splunk Support to add health checks to a customer's monitoring console. Instead the customer would reach out to Splunk Support, Splunk Support then decides to create new health checks, put them in the new release/patch build, and let the customer know. Problem here is that the turnaround time is too long for the customer, sometimes taking months to wait for the new release, if the requested health checks are added at all, and is a truly painful experience. Hence, we want to decouple new health check items from new releases and give customers the ability to get new health checks themselves without going through Splunk Support.

Real-time integration between Splunk Enterprise and relational databases--now with improved access control and support for IBM DB2 and SAP Sybase.

The Splunk App for VMware provides deep operational visibility into granular performance metrics, logs, tasks and events and topology from hosts, virtual machines and virtual centers. It empowers administrators with an accurate real-time picture of the health of the environment, proactively identifying performance and capacity bottlenecks.

The Splunk Deployment Monitor App offers insight into your Splunk Deployment

*** THIS APP IS OFFICIALLY DEPRECATED ***

The Splunk Add-on for Cisco ASA allows a Splunk software administrator to map Cisco ASA devices, Cisco PIX, and Cisco FWSM events to the Splunk CIM. You can then use the data with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

The Splunk App for Microsoft Windows Active Directory ONLY works on Splunk 5.x systems. For similar functionality on Splunk 6 and later editions, please use the Splunk App for Windows Infrastructure: http://apps.splunk.com/app/1680/

This app integrates with AWS S3 to perform investigative actions

This app integrates with AWS Lambda to perform lambda functions

This App allows for ticket management on Zendesk

This app implements investigative actions to get information from the Censys search engine

This app integrates with ServiceNow to perform investigative and generic actions

This is the official app for IP Info used to query the various endpoints of IP Info

This app integrates with the Tenable.io API to provide endpoint-based investigative actions

This ixia NPB App supports a variety of actions on the network packet broker platform. This App has been tested with Vision One

This app supports investigative actions against a Microsoft Azure SQL Server

This app interfaces with the Cisco Meraki cloud managed devices. The search string specified is used to match a value in the client MAC address or description field. The default dashboard URL is dashboard.meraki.com. The API Key is generated in your account profile. An account with read only privileges is acceptable.

Phantom app for Verodin

Integrates a variety of ThreatQ services into Phantom.

This app supports executing investigative and generic type of actions to convert the SOAR vault files to various formats

This app supports hunting and a variety of investigative actions, in addition to report ingestion, from the Accenture DeepSight Intelligence cyber security service

This app integrates with Alibaba Resource Access Management (Alibaba RAM) to support various containment, corrective, and investigate actions

This app integrates with Arbor Networks APS to execute containment and corrective actions