MCP Server for Splunk Platform The Model Context Protocol (MCP) is an open standard and framework that enables seamless, secure, and standardized two-way communication between AI applications (like large language models) and external data sources or tools. It acts as a universal adapter allowing AI systems to access, execute, and integrate functionalities from diverse systems through a common protocol, simplifying data sharing and tool interoperability without custom coding for each integration.

*** Important: Read upgrade instructions and test add-on update before deploying to production *** The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the documented upgrade instructions to avoid data loss. A best practice is to test the upgraded version in a non-production environment before deploying to production.

Splunk Enterprise Security (ES) solves a wide range of security analytics and operations use cases including continuous security monitoring, advanced threat detection, compliance, incident investigation, forensics and incident response. Splunk ES delivers an end-to-end view of organizations’ security postures with flexible investigations, unmatched performance, and the most flexible deployment options offered in the cloud, on-premises or hybrid deployment models. Splunk ES enables you to:

*** Important: Read upgrade Instructions and test add-on update before deploying to production *** There are changes to default indexes and .conf changes in version 6.0 of Splunk Add-on for Unix and Linux that can break an existing installation if upgrade instructions are not followed in detail. If an existing Splunk Add-on for Unix and Linux is being upgraded, please test in a non-production environment first.

The Cisco Security Cloud application offers seamless integration for connecting your Cisco devices with Splunk. It features a modular UX input design, built-in health checks, and constant monitoring to ensure operational integrity.

The Splunk AI Toolkit, formerly MLTK: Machine Learning Toolkit, delivers new SPL commands, custom visualizations, assistants, and examples to explore a variety of ML concepts.

Splunk DB Connect is a generic SQL database extension for Splunk that enables easy integration of database information with Splunk queries and reports. Splunk DB Connect supports DB2/Linux, Informix, MemSQL, MySQL, AWS Aurora, Microsoft SQL Server, Oracle, PostgreSQL, AWS RedShift, SAP SQL Anywhere, Sybase ASE, Sybase IQ, Teradata, InfluxDB and MongoDB Atlas & Standalone.

Splunk AI Assistant for SPL offers bi-directional translation between natural language (NL) and Splunk Search Processing Language (SPL) with the ability to be fully personalized in context of your unique environment and data. Before you can use Splunk AI Assistant for SPL, you must review and sign the legal terms for the app. This specialized End-User License Agreement (EULA) covers data usage and is only accessible if you have a Splunk.com account. See: https://www.splunk.com/en_us/download/ai-assistant.html

NumLookup is a phone intelligence app that provides reverse phone lookup services for phone number. Get owner's name and carrier information associated with any phone number. Are you frequently haunted by unknown numbers? Looking to find out who’s behind that mysterious call you just received? Say hello to NumLookup, the ultimate reverse phone lookup solution.

The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.

The Splunk Add-on for AWS, from version 7.0.0 and above, includes a merge of all the capabilities of the Splunk Add-on for Amazon Security Lake. This allows you to configure the Splunk Add-on for AWS to ingest data across all AWS data sources, facilitating the integration of AWS data into your Splunk platform deployment.

The Splunk Add-on for Microsoft Cloud Services allows a Splunk software administrator to pull activity logs, service status, operational messages, Azure audit, Azure resource data and Azure Storage Table and Blob data from a variety of Microsoft cloud services using Event Hubs, Azure Service Management APIs and Azure Storage API.

Splunk IT Service Intelligence (ITSI) is a monitoring and analytics solution powered by artificial intelligence for IT Operations (AIOps). It provides visibility into the health of critical IT and business services and their infrastructure. Use ITSI to solve a variety of IT challenges, including deriving service-level insights and analysis on events, metrics, and logs to find and fix the most important issues first.

The Splunk ES Content Update (ESCU) app delivers pre-packaged Security Content. ESCU provides regular Security Content updates to help security practitioners address ongoing time-sensitive threats, attack methods, and other security issues.

Ever want to edit a lookup within Splunk with a user interface? Now you can. This app provides an Excel-like interface for editing, importing, and exporting lookup files (KV store and CSV-based).

This add-on collects data from Microsoft Azure including the following:

This app supports investigative DNS lookup actions on DNSDB

Integrate with Slack to post messages and attachments to channels

The app integrates with Zoom Meetings API to perform investigative and generic actions

This app implements investigative actions using RDAP

This app integrates with the Tenable.io API to provide endpoint-based investigative actions

This app extracts IOCs from various files such as PDFs, emails, or raw text

Integrates with G Suite for various investigative and containment actions

Splunk DBX Add-on for DB2 JDBC provides DB2 JDBC driver. Drivers can be use by others Splunk apps like DB Connect.

Use the Splunk Add-on for OpenTelemetry Collector to collect traces and metrics for Splunk Observability Cloud. To learn more about how Splunk Observability Cloud works with your environment to provide data, see https://help.splunk.com/en/splunk-observability-cloud/get-started

App specifically designed for interacting with Microsoft Active Directory's LDAP Implementation

This app integrates with Ivanti ITSM to provide ingestion and several ticketing actions

This app integrates with JIRA to perform several ticket management actions

The Splunk ES Content Update (ESCU) app delivers pre-packaged Security Content. ESCU provides regular Security Content updates to help security practitioners address ongoing time-sensitive threats, attack methods, and other security issues.

Splunk Asset and Risk Intelligence Edge Discovery. Real-time IT Asset discovery and attribution.

Splunk Asset and Risk Intelligence Edge Discovery. Real-time IT Asset discovery and attribution.

Splunk Asset and Risk Intelligence Edge Discovery. Real-time IT Asset discovery and attribution.

The Splunk Add-on for AWS, from version 7.0.0 and above, includes a merge of all the capabilities of the Splunk Add-on for Amazon Security Lake. This allows you to configure the Splunk Add-on for AWS to ingest data across all AWS data sources, facilitating the integration of AWS data into your Splunk platform deployment.

*** Important: Read upgrade instructions and test add-on update before deploying to production *** The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the documented upgrade instructions to avoid data loss. A best practice is to test the upgraded version in a non-production environment before deploying to production.

The Splunk Add-on for Google Cloud Platform allows a Splunk software administrator to collect google cloud platform events, logs, performance metrics and billing data using Google Cloud Platform API. After the Splunk platform indexes the events, you can analyze the data using the prebuilt panels included with the add-on. You can then directly analyze the data or use it as a contextual data feed to correlate with other Google Cloud-related data in the Splunk platform.

The Splunk Add-on for Microsoft Cloud Services allows a Splunk software administrator to pull activity logs, service status, operational messages, Azure audit, Azure resource data and Azure Storage Table and Blob data from a variety of Microsoft cloud services using Event Hubs, Azure Service Management APIs and Azure Storage API.

*** Important: Read upgrade Instructions and test add-on update before deploying to production *** There are changes to default indexes and .conf changes in version 6.0 of Splunk Add-on for Unix and Linux that can break an existing installation if upgrade instructions are not followed in detail. If an existing Splunk Add-on for Unix and Linux is being upgraded, please test in a non-production environment first.

The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.

The Splunk AI Toolkit, formerly MLTK: Machine Learning Toolkit, delivers new SPL commands, custom visualizations, assistants, and examples to explore a variety of ML concepts.

The Splunk Event Generator (Eventgen) is a utility which allows its users to easily build real-time event generators.

The Splunk Add-on for Okta Identity Cloud:

Ever want to edit a lookup within Splunk with a user interface? Now you can. This app provides an Excel-like interface for editing, importing, and exporting lookup files (KV store and CSV-based).

Splunk DB Connect is a generic SQL database extension for Splunk that enables easy integration of database information with Splunk queries and reports. Splunk DB Connect supports DB2/Linux, Informix, MemSQL, MySQL, AWS Aurora, Microsoft SQL Server, Oracle, PostgreSQL, AWS RedShift, SAP SQL Anywhere, Sybase ASE, Sybase IQ, Teradata, InfluxDB and MongoDB Atlas & Standalone.

Get started with Splunk for Security with Splunk Security Essentials (SSE). Explore security use cases and discover security content to start address threats and challenges.

The Splunk Add-on for Microsoft Security collects incidents and alerts from Microsoft 365 Defender OR alerts from Microsoft Defender for Endpoint.

This add-on contains a Python interpreter bundled with the following scientific and machine learning libraries: numpy, scipy, pandas, scikit-learn, and statsmodels. With this add-on, you can import these powerful libraries in your own custom search commands, custom rest endpoints, modular inputs, and so forth.

This app (also known as SA-ldapsearch) provides support functions to the Content Pack for Windows Dashboards and Reports (https://docs.splunk.com/Documentation/CPWindowsDash/latest/CP/About), Content Pack for Microsoft Exchange (https://docs.splunk.com/Documentation/CPExchange/latest/CP/About) that enable you to extract information from an Active Directory database. For instance, you can search Active Directory for records, presenting the records as events, or augment existing events with information from Active Directory based on information within the events.

The Splunk Add-On for Sysmon enables customers to create and persist connection to Microsoft Sysmon so that the available detection, events, incident and audit data can be continually streamed to their Splunk Environment. This connection enables organisations to combine the power of the Splunk platform with the visibility and rich event data source of the Microsoft Sysmon utility running on Windows platforms. The Splunk Add-on for Sysmon collects data from Sysmon’s dedicated Windows Event log. Add-On map events for CIM data models: Endpoint, Network Resolution (DNS), Network Traffic, Change.

This app supports investigative actions against a Microsoft Azure SQL Server

This App exposes various Phantom APIs as actions

This app integrates with JIRA to perform several ticket management actions

This app integrates with the VirusTotal cloud to implement investigative and reputation actions using v3 APIs

This app integrates with ServiceNow to perform investigative and generic actions

This app integrates with Splunk to update data on the device, in addition to investigate and ingestion actions

This app implements URL investigative capabilities utilizing PhishTank

This app provides the ability to send email using SMTP

App specifically designed for interacting with Microsoft Active Directory's LDAP Implementation

This app supports email ingestion and various investigative actions over IMAP

This app performs email ingestion, investigative and containment actions on an on-premise Exchange installation

Integrate with Slack to post messages and attachments to channels

This app integrates with the Screenshot Machine service

This app supports executing various endpoint-based investigative and containment actions on an SSH endpoint

This app implements investigative actions that query the whois database

This app integrates with the Windows Remote Management service to execute various actions