Splunk Apps

Splunk Apps

I currently develop and maintain a handful of Splunkbase apps/add-ons. Each app/add-on I develop is for a product or tool I enjoy using. All my apps can be found on Splunkbase or Github. I also provide detailed documentation for each app that is released.

SA-AwsAssets

Vendor Website: https://aws.amazon.com/

SA-AwsAssets is intended to work with Splunk Enterprise Security (ES) and AWS. This supporting add-on does not replace the existing method of ingesting data into Splunk. Instead, it is used to bridge the gap between ingesting the device data into Splunk and actually using it in Splunk ES.

SA-AwsAssets

Splunkbase: https://splunkbase.splunk.com/app/6660

GitHub: https://github.com/ZachChristensen28/SA-AwsAssets

Documentation: https://splunk-sa-aws.ztsplunker.com/

SA-SentinelOneDevices

Vendor Website: https://www.sentinelone.com/

SA-CrowdstrikeDevices is intended to work with Splunk Enterprise Security (ES) and SentinelOne. This supporting add-on does not replace the existing SentinelOne App For Splunk to ingest data into Splunk. Instead, it is used to bridge the gap between ingesting the device data into Splunk and actually using it in Splunk ES.

SA-SentinelOneDevices

Splunkbase: https://splunkbase.splunk.com/app/6612

GitHub: https://github.com/ZachChristensen28/SA-SentinelOneDevices

Documentation: https://splunk-sa-sentinelone.ztsplunker.com/

SA-CrowdstrikeDevices

Vendor Website: https://www.crowdstrike.com/

SA-CrowdstrikeDevices is intended to work with Splunk Enterprise Security (ES) and Crowdstrike. This supporting add-on does not replace the existing Crowdstrike add-on to ingest data into Splunk. Instead, it is used to bridge the gap between ingesting the device data into Splunk and actually using it in Splunk ES.

SA-CrowdstrikeDevices

Splunkbase: https://splunkbase.splunk.com/app/6573/

GitHub: https://github.com/ZachChristensen28/SA-CrowdstrikeDevices

Documentation: https://splunk-sa-crowdstrike.ztsplunker.com/

Pi-hole

Vendor Website: https://pi-hole.net/

Pi-hole is a network-wide AD blocking DNS server. It is popular among home lab enthusiasts and those who want a more secure and private network. If you have not heard of them, you should check them out!

Pi-hole DNS App for Splunk

Splunkbase: https://splunkbase.splunk.com/app/4506/

GitHub: https://github.com/ZachChristensen28/pihole_dns_app

Documentation: https://splunk-pihole.ztsplunker.com/

Pi-hole DNS Add-on for Splunk

Splunkbase: https://splunkbase.splunk.com/app/4505/

GitHub: https://github.com/ZachChristensen28/TA-pihole_dns

Documentation: https://splunk-pihole-ta.ztsplunker.com/

OPNsense Firewall

Vendor Website: https://opnsense.org/

OPNsense is a powerful open-source stateful firewall used in both small home labs and commercial environments. It comes out of the box with powerful features. If you are familiar with Pfsense and you are looking for a change, OPNsense may be the answer.

OPNsense App for Splunk

Splunkbase: https://splunkbase.splunk.com/app/5372/

GitHub: https://github.com/ZachChristensen28/Opnsense_App_for_Splunk

Documentation: https://splunk-opnsense.ztsplunker.com/

OPNsense Add-on for Splunk

Splunkbase: https://splunkbase.splunk.com/app/4538/

GitHub: https://github.com/ZachChristensen28/TA-opnsense

Documentation: https://splunk-opnsense-ta.ztsplunker.com/

Linux Iptables Add-on

I use Linux in a variety of projects I work with. I needed a way to capture IPtable logs, even if they had custom log prefixes. This simple add-on will extract all the fields from IPtable logs and map them to the CIM in Splunk.

Linux Iptables Add-on

Splunkbase: https://splunkbase.splunk.com/app/4490/

GitHub: https://github.com/ZachChristensen28/TA-linux_iptables

Documentation: https://splunk-iptables.ztsplunker.com/