Splunk Apps

I currently develop and maintain a handful of Splunkbase apps and add-ons, each one for a product or tool I enjoy using. All of them are available on Splunkbase or GitHub, and each released app ships with detailed documentation.

SA-AwsAssets

Vendor Website: https://aws.amazon.com/

SA-AwsAssets is intended to work with Splunk Enterprise Security (ES) and AWS. This supporting add-on does not replace the existing method of ingesting AWS data into Splunk. Instead, it bridges the gap between ingesting the device data into Splunk and actually using it in Splunk ES.

SA-SentinelOneDevices

Vendor Website: https://www.sentinelone.com/

SA-SentinelOneDevices is intended to work with Splunk Enterprise Security (ES) and SentinelOne. This supporting add-on does not replace the existing SentinelOne App For Splunk used to ingest data into Splunk. Instead, it bridges the gap between ingesting the device data into Splunk and actually using it in Splunk ES.

SA-CrowdstrikeDevices

Vendor Website: https://www.crowdstrike.com/

SA-CrowdstrikeDevices is intended to work with Splunk Enterprise Security (ES) and CrowdStrike. This supporting add-on does not replace the existing CrowdStrike add-on used to ingest data into Splunk. Instead, it bridges the gap between ingesting the device data into Splunk and actually using it in Splunk ES.
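The three SA-* descriptions above say the add-ons bridge ingested device data into ES without saying how. The place ES actually consumes device data is its Asset and Identity framework, which reads an asset lookup with a fixed set of columns (ip, mac, nt_host, dns, owner, priority, and so on). The example below is added here to show the normalization work such a bridge has to do; it is not the code of SA-AwsAssets, SA-SentinelOneDevices or SA-CrowdstrikeDevices. The two inventories, their key names, and the priority policy are constructed assumptions for illustration, not the vendors' real schemas.

```python
import csv
import io
import ipaddress
from typing import Dict, List

# Columns of the Splunk ES asset lookup consumed by the Asset and Identity framework.
ASSET_FIELDS = [
    "ip", "mac", "nt_host", "dns", "owner", "priority", "lat", "long", "city",
    "country", "bunit", "category", "pci_domain", "is_expected",
    "should_timesync", "should_update", "requires_av",
]

# Constructed inventories (not real API output). The key names are this
# example's assumption about an EDR device record and a cloud instance record.
EDR_DEVICES = [
    {"hostname": "WS-1042", "local_ip": "10.20.30.41", "mac": "00-50-56-AB-CD-EF",
     "platform": "Windows", "group": "finance"},
    {"hostname": "db01.corp.example", "local_ip": "10.20.30.77",
     "mac": "00:50:56:12:34:56", "platform": "Linux", "group": "prod"},
]
CLOUD_INSTANCES = [
    {"InstanceId": "i-0abc", "PrivateIpAddress": "10.50.0.5",
     "PublicIpAddress": "203.0.113.8",
     "Tags": {"Name": "web-1", "Owner": "web-team", "Environment": "prod"}},
    {"InstanceId": "i-0def", "PrivateIpAddress": "not-an-ip", "Tags": {"Name": "orphan"}},
]


def normalize_mac(mac: str) -> str:
    """Collapse vendor MAC formats (dashes, colons, mixed case) to aa:bb:cc:dd:ee:ff
    so ES can match it against event data; return '' when it is not 12 hex digits."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        return ""
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def valid_ips(*candidates: str) -> List[str]:
    """Keep only syntactically valid addresses; a bad value in the ip column
    simply never correlates, so it is better dropped here than shipped."""
    out = []
    for c in candidates:
        try:
            out.append(str(ipaddress.ip_address(c)))
        except ValueError:
            continue
    return out


def split_host(name: str) -> Dict[str, str]:
    """nt_host is the short name; dns is the FQDN when the inventory gives one."""
    short = name.split(".")[0]
    return {"nt_host": short, "dns": name if "." in name else ""}


def blank_asset() -> Dict[str, str]:
    return {f: "" for f in ASSET_FIELDS}


def asset_from_edr(dev: Dict[str, str]) -> Dict[str, str]:
    a = blank_asset()
    a.update(split_host(dev["hostname"]))
    a["ip"] = "|".join(valid_ips(dev["local_ip"]))
    a["mac"] = normalize_mac(dev["mac"])
    a["category"] = "|".join(["edr", dev["platform"].lower(), dev["group"]])
    # Example policy (assumption): production hosts are critical, others medium.
    a["priority"] = "critical" if dev["group"] == "prod" else "medium"
    a["requires_av"] = "true"
    a["is_expected"] = "true"
    return a


def asset_from_cloud(inst: Dict[str, object]) -> Dict[str, str]:
    tags = inst.get("Tags", {})
    a = blank_asset()
    a.update(split_host(str(tags.get("Name", inst["InstanceId"]))))
    # Multi-valued fields in the ES asset lookup are pipe-delimited.
    a["ip"] = "|".join(valid_ips(str(inst.get("PrivateIpAddress", "")),
                                 str(inst.get("PublicIpAddress", ""))))
    a["owner"] = str(tags.get("Owner", ""))
    env = str(tags.get("Environment", "")).lower()
    a["category"] = "|".join(c for c in ["cloud", env] if c)
    a["priority"] = "critical" if env == "prod" else "medium"
    a["is_expected"] = "true"
    return a


def build_asset_lookup() -> List[Dict[str, str]]:
    rows = [asset_from_edr(d) for d in EDR_DEVICES]
    rows += [asset_from_cloud(i) for i in CLOUD_INSTANCES]
    # An asset with no ip, mac, nt_host or dns can never be matched; drop it.
    return [r for r in rows if any(r[k] for k in ("ip", "mac", "nt_host", "dns"))]


def to_csv(rows: List[Dict[str, str]]) -> str:
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=ASSET_FIELDS, lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(build_asset_lookup()))
```

The CSV this writes is the shape ES expects for an asset lookup; in a real add-on the same normalization would run on a schedule against the vendor API or against events already indexed, and the resulting lookup is registered under the Asset and Identity configuration so that notable events get asset priority and category merged in.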

Pi-hole

Vendor Website: https://pi-hole.net/

Pi-hole is a network-wide ad-blocking DNS server. It is popular among home lab enthusiasts and those who want a more secure and private network. If you have not heard of it, you should check it out!

OPNsense Firewall

Vendor Website: https://opnsense.org/

OPNsense is a powerful open-source stateful firewall used in both small home labs and commercial environments. It comes with a rich feature set out of the box. If you are familiar with pfSense and are looking for a change, OPNsense may be the answer.

Linux Iptables Add-on

I use Linux in a variety of projects I work with. I needed a way to capture iptables logs even when they carry custom log prefixes. This simple add-on extracts all the fields from iptables log lines and maps them to the Common Information Model (CIM) in Splunk.
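The hard part of parsing iptables logs is that `--log-prefix` is free text (it may contain spaces, colons or brackets), so a fixed-prefix regex breaks as soon as a rule uses a different prefix. The example below is added here to show one way to do the extraction and CIM mapping; it is not the add-on's own props/transforms configuration. It anchors on the first `IN=` token instead of the prefix, handles the keys that repeat within a line (`LEN` on UDP, `ID` on ICMP), splits the `MAC=` field into destination and source MAC, and derives the CIM `action` from words in the prefix, which is a heuristic of this example. The three log lines are constructed samples.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines (not taken from the page). Each uses a different
# custom --log-prefix, including ones with spaces and brackets.
SAMPLE_LOGS: List[str] = [
    "Apr 12 10:15:32 gw kernel: [123456.789012] MYFW-DROP: IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=12345 DF PROTO=TCP SPT=44321 DPT=22 "
    "WINDOW=65535 RES=0x00 SYN URGP=0",
    "Apr 12 10:15:33 gw kernel: [fw accept] IN=eth1 OUT=eth0 SRC=192.0.2.20 "
    "DST=198.51.100.7 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=UDP "
    "SPT=53412 DPT=53 LEN=64",
    "Apr 12 10:15:34 gw kernel: iptables denied: IN=eth0 OUT= SRC=198.51.100.9 "
    "DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=51 ID=4242 PROTO=ICMP "
    "TYPE=8 CODE=0 ID=1 SEQ=1",
]

# The prefix is free text between the kernel marker (and an optional printk
# timestamp) and the first IN= token, so anchor on IN= rather than on a
# fixed prefix string.
_LINE_RE = re.compile(
    r"kernel:\s*(?:\[\s*\d+\.\d+\]\s*)?(?P<prefix>.*?)\s*(?P<body>IN=.*)$"
)
_TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# iptables key -> CIM Network Traffic field. Keys that appear twice in one line
# (LEN on UDP, ID on ICMP) keep the first value, which belongs to the IP header.
_KEY_MAP = {
    "SRC": "src", "DST": "dest", "SPT": "src_port", "DPT": "dest_port",
    "IN": "src_interface", "OUT": "dest_interface", "LEN": "bytes",
    "TYPE": "icmp_type", "CODE": "icmp_code",
}


def action_from_prefix(prefix: str) -> str:
    """Heuristic (an assumption of this example): derive the CIM action from
    words commonly placed in --log-prefix; anything else is 'unknown'."""
    p = prefix.lower()
    if any(w in p for w in ("drop", "deny", "denied", "reject")):
        return "blocked"
    if any(w in p for w in ("accept", "allow")):
        return "allowed"
    return "unknown"


def parse_iptables_line(line: str) -> Optional[Dict[str, object]]:
    """Return CIM-style fields for one iptables log line, or None when the
    line is not an iptables entry (e.g. an sshd line in the same syslog)."""
    m = _LINE_RE.search(line)
    if not m:
        return None
    prefix = m.group("prefix").strip()
    event: Dict[str, object] = {"rule": prefix, "action": action_from_prefix(prefix)}
    flags: List[str] = []
    for token in m.group("body").split():
        if "=" in token:
            key, value = token.split("=", 1)
            if key == "PROTO":
                event["transport"] = value.lower()
            elif key == "MAC":
                # MAC= holds the dest MAC (6 octets), src MAC (6), then the ethertype (2).
                octets = value.split(":")
                if len(octets) == 14:
                    event["dest_mac"] = ":".join(octets[0:6])
                    event["src_mac"] = ":".join(octets[6:12])
            elif key in _KEY_MAP and value != "":
                cim = _KEY_MAP[key]
                if cim not in event:
                    numeric = cim.endswith(("_port", "bytes", "_type", "_code"))
                    event[cim] = int(value) if numeric else value
        elif token in _TCP_FLAGS:
            flags.append(token)
    if flags:
        event["tcp_flag"] = ",".join(flags)
    return event


def parse_many(lines: List[str]) -> List[Dict[str, object]]:
    """Parse a batch of syslog lines, skipping those that are not iptables logs."""
    return [e for e in (parse_iptables_line(ln) for ln in lines) if e is not None]


if __name__ == "__main__":
    for ev in parse_many(SAMPLE_LOGS):
        print(ev)
```

The same anchoring idea carries over to a Splunk extraction: match on `IN=` and capture everything between the kernel marker and that token as the prefix, rather than hard-coding the prefix text in the regex.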