Splunk Add-on for OSSEC

The Splunk Add-on for OSSEC allows a Splunk® software administrator to collect alert events from OSSEC servers over syslog. The add-on collects the following alert data from OSSEC: * File Integrity Management (FIM) data * FTP data * su data * ssh data * Windows data, including audit and logon information At this time, the add-on does not support data collection for OSSEC daemon logs, agent logs, or logs from the active response module. After the Splunk platform indexes the events, you can consume the data using the prebuilt dashboard panels included with the add-on. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.

Built by Splunk Inc.

Latest Version 4.0.0

July 30, 2015

Release notes

Compatibility

Not Available

Platform Version: 6.3, 6.2, 6.1, 6.0

CIM Version: 4.x

Rating

0

(0)

Log in to rate this app

Support

Splunk Supported addon

Learn more

The Splunk Add-on for OSSEC allows a Splunk® software administrator to collect alert events from OSSEC servers over syslog. The add-on collects the following alert data from OSSEC: * File Integrity Management (FIM) data * FTP data * su data * ssh data * Windows data, including audit and logon information At this time, the add-on does not support data collection for OSSEC daemon logs, agent logs, or logs from the active response module. After the Splunk platform indexes the events, you can consume the data using the prebuilt dashboard panels included with the add-on. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.