*** Important: Read upgrade instructions and test add-on update before deploying to production *** The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the documented upgrade instructions to avoid data loss. A best practice is to test the upgraded version in a non-production environment before deploying to production.

Ever want to edit a lookup within Splunk with a user interface? Now you can. This app provides an Excel-like interface for editing, importing, and exporting lookup files (KV store and CSV-based).

Splunk Enterprise Security (ES) solves a wide range of security analytics and operations use cases including continuous security monitoring, advanced threat detection, compliance, incident investigation, forensics and incident response. Splunk ES delivers an end-to-end view of organizations’ security postures with flexible investigations, unmatched performance, and the most flexible deployment options offered in the cloud, on-premises or hybrid deployment models. Splunk ES enables you to:

NumLookup is a phone intelligence app that provides reverse phone lookup services for phone number. Get owner's name and carrier information associated with any phone number. Are you frequently haunted by unknown numbers? Looking to find out who’s behind that mysterious call you just received? Say hello to NumLookup, the ultimate reverse phone lookup solution.

Get started with Splunk for Security with Splunk Security Essentials (SSE). Explore security use cases and discover security content to start address threats and challenges.

The Splunk Machine Learning Toolkit delivers new SPL commands, custom visualizations, assistants, and examples to explore a variety of ML concepts.

*** Important: Read upgrade Instructions and test add-on update before deploying to production *** There are changes to default indexes and .conf changes in version 6.0 of Splunk Add-on for Unix and Linux that can break an existing installation if upgrade instructions are not followed in detail. If an existing Splunk Add-on for Unix and Linux is being upgraded, please test in a non-production environment first.

Splunk AI Assistant for SPL offers bi-directional translation between natural language (NL) and Splunk Search Processing Language (SPL). Before you can use Splunk AI Assistant for SPL, you must review and sign the legal terms for the app. This specialized End-User License Agreement (EULA) covers data usage and is only accessible if you have a Splunk.com account. See: https://www.splunk.com/en_us/download/ai-assistant.html

This add-on contains a Python interpreter bundled with the following scientific and machine learning libraries: numpy, scipy, pandas, scikit-learn, and statsmodels. With this add-on, you can import these powerful libraries in your own custom search commands, custom rest endpoints, modular inputs, and so forth.

MCP Server for Splunk Platform

Splunk DB Connect is a generic SQL database extension for Splunk that enables easy integration of database information with Splunk queries and reports. Splunk DB Connect supports DB2/Linux, Informix, MemSQL, MySQL, AWS Aurora, Microsoft SQL Server, Oracle, PostgreSQL, AWS RedShift, SAP SQL Anywhere, Sybase ASE, Sybase IQ, Teradata, InfluxDB and MongoDB Atlas & Standalone.

The Splunk ES Content Update (ESCU) app delivers pre-packaged Security Content. ESCU provides regular Security Content updates to help security practitioners address ongoing time-sensitive threats, attack methods, and other security issues.

The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.

The Splunk Add-on for AWS, from version 7.0.0 and above, includes a merge of all the capabilities of the Splunk Add-on for Amazon Security Lake. This allows you to configure the Splunk Add-on for AWS to ingest data across all AWS data sources, facilitating the integration of AWS data into your Splunk platform deployment.

The Splunk Add-On for Sysmon enables customers to create and persist connection to Microsoft Sysmon so that the available detection, events, incident and audit data can be continually streamed to their Splunk Environment. This connection enables organisations to combine the power of the Splunk platform with the visibility and rich event data source of the Microsoft Sysmon utility running on Windows platforms. The Splunk Add-on for Sysmon collects data from Sysmon’s dedicated Windows Event log. Add-On map events for CIM data models: Endpoint, Network Resolution (DNS), Network Traffic, Change.

The Cisco Networks Add-on for Splunk Enterprise (TA-cisco_ios) sets the correct sourcetype and fields used for identifying data from Cisco Switches & Routers (Cisco IOS, IOS XE, IOS XR and NX-OS devices), WLAN Controllers and Access Points, using Splunk® Enterprise & Splunk® Cloud.

The Splunk Add-on for Symantec Blue Coat ProxySG allows a Splunk software administrator to collect bluecoat weblog data from Symantec Blue Coat ProxySG log files in W3C ELFF format. After the Splunk platform indexes the events, you can analyze the data using the prebuilt panels included with the add-on. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

MCP Server for Splunk Platform

The Splunk Add-on for Oracle Database allows a Splunk software administrator to collect and ingest data from the Oracle Database Server. This add-on can import data directly by monitoring the standard and fine-grained audit trails, trace files, incident, alert, listener, and other logs on the operating system where the Oracle Database Server is installed. Through log file monitoring and field extraction, the database administrator can create alerts and dashboards to track what errors, problems, or incidents happen to the database in real time. This add-on leverages Splunk DB Connect to collect basic performance and inventory data from Oracle database tables. Using trace logs and inventory and performance metrics, database administrators can correlate events.

The Splunk Add-on for Carbon Black (formerly Splunk Add-on for Bit9 Carbon Black) allows a Splunk® Enterprise administrator to collect notifications and event data in JSON format from Carbon Black servers over a pub/sub bus. The add-on collects watchlist hit, feed hit, new binary instance, and binary file upload complete notifications, as well as raw endpoint events. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk App for Enterprise Security and the Splunk App for PCI Compliance.

This connector integrates with the Splunk Attack Analyzer platform to reduce the friction of repetitive manual tasks typically associated with investigating threats

This app connects to Office 365 using the MS Graph API to support investigate and generic actions related to the email messages and calendar events

The Splunk ES Content Update (ESCU) app delivers pre-packaged Security Content. ESCU provides regular Security Content updates to help security practitioners address ongoing time-sensitive threats, attack methods, and other security issues.

This app integrates with Cisco Webex to implement investigative and genric actions

This app supports various generic and investigate actions on Tanium Threat Response

This app supports investigative actions on urlscan.io

The Splunk App for Chargeback aids customers in both Splunk Enterprise and Splunk Cloud Platform to better understand their license usage by categorizing it usage by business units and departments.

This app integrates with MalwareBazaar from abuse.ch to provide investigative actions

This app supports investigative and data manipulation actions on Snowflake

The Splunk Health Assistant Add-on lets you download and install new health check items as they become available for the monitoring console in Splunk Enterprise. The add-on is updated with new health check items independently of Splunk Enterprise releases, which lets you update and monitor your deployment with the latest health checks, without waiting for a Splunk Enterprise release or requesting help from Splunk Support.

Use the Splunk Add-on for OpenTelemetry Collector to collect traces and metrics for Splunk Observability Cloud. To learn more about how Splunk Observability Cloud works with your environment to provide data, see https://help.splunk.com/en/splunk-observability-cloud/get-started

This app provides policy management capabilities for Runtime App Security

The Splunk Add-on for AWS, from version 7.0.0 and above, includes a merge of all the capabilities of the Splunk Add-on for Amazon Security Lake. This allows you to configure the Splunk Add-on for AWS to ingest data across all AWS data sources, facilitating the integration of AWS data into your Splunk platform deployment.

*** Important: Read upgrade instructions and test add-on update before deploying to production *** The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the documented upgrade instructions to avoid data loss. A best practice is to test the upgraded version in a non-production environment before deploying to production.

The Splunk Add-on for Google Cloud Platform allows a Splunk software administrator to collect google cloud platform events, logs, performance metrics and billing data using Google Cloud Platform API. After the Splunk platform indexes the events, you can analyze the data using the prebuilt panels included with the add-on. You can then directly analyze the data or use it as a contextual data feed to correlate with other Google Cloud-related data in the Splunk platform.

The Splunk Add-on for Microsoft Cloud Services allows a Splunk software administrator to pull activity logs, service status, operational messages, Azure audit, Azure resource data and Azure Storage Table and Blob data from a variety of Microsoft cloud services using Event Hubs, Azure Service Management APIs and Azure Storage API.

*** Important: Read upgrade Instructions and test add-on update before deploying to production *** There are changes to default indexes and .conf changes in version 6.0 of Splunk Add-on for Unix and Linux that can break an existing installation if upgrade instructions are not followed in detail. If an existing Splunk Add-on for Unix and Linux is being upgraded, please test in a non-production environment first.

The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.

The Splunk Machine Learning Toolkit delivers new SPL commands, custom visualizations, assistants, and examples to explore a variety of ML concepts.

The Splunk Event Generator (Eventgen) is a utility which allows its users to easily build real-time event generators.

The Splunk Add-on for Okta Identity Cloud:

Ever want to edit a lookup within Splunk with a user interface? Now you can. This app provides an Excel-like interface for editing, importing, and exporting lookup files (KV store and CSV-based).

Splunk DB Connect is a generic SQL database extension for Splunk that enables easy integration of database information with Splunk queries and reports. Splunk DB Connect supports DB2/Linux, Informix, MemSQL, MySQL, AWS Aurora, Microsoft SQL Server, Oracle, PostgreSQL, AWS RedShift, SAP SQL Anywhere, Sybase ASE, Sybase IQ, Teradata, InfluxDB and MongoDB Atlas & Standalone.

Get started with Splunk for Security with Splunk Security Essentials (SSE). Explore security use cases and discover security content to start address threats and challenges.

The Splunk Add-on for Microsoft Security collects incidents and alerts from Microsoft 365 Defender OR alerts from Microsoft Defender for Endpoint.

This app (also known as SA-ldapsearch) provides support functions to the Content Pack for Windows Dashboards and Reports (https://docs.splunk.com/Documentation/CPWindowsDash/latest/CP/About), Content Pack for Microsoft Exchange (https://docs.splunk.com/Documentation/CPExchange/latest/CP/About) that enable you to extract information from an Active Directory database. For instance, you can search Active Directory for records, presenting the records as events, or augment existing events with information from Active Directory based on information within the events.

This add-on contains a Python interpreter bundled with the following scientific and machine learning libraries: numpy, scipy, pandas, scikit-learn, and statsmodels. With this add-on, you can import these powerful libraries in your own custom search commands, custom rest endpoints, modular inputs, and so forth.

The Splunk Add-On for Sysmon enables customers to create and persist connection to Microsoft Sysmon so that the available detection, events, incident and audit data can be continually streamed to their Splunk Environment. This connection enables organisations to combine the power of the Splunk platform with the visibility and rich event data source of the Microsoft Sysmon utility running on Windows platforms. The Splunk Add-on for Sysmon collects data from Sysmon’s dedicated Windows Event log. Add-On map events for CIM data models: Endpoint, Network Resolution (DNS), Network Traffic, Change.

This app supports investigative actions against a Microsoft Azure SQL Server

This App exposes various Phantom APIs as actions

This app integrates with JIRA to perform several ticket management actions

This app integrates with the VirusTotal cloud to implement investigative and reputation actions using v3 APIs

This app integrates with ServiceNow to perform investigative and generic actions

This app integrates with Splunk to update data on the device, in addition to investigate and ingestion actions

This app implements URL investigative capabilities utilizing PhishTank

This app provides the ability to send email using SMTP

App specifically designed for interacting with Microsoft Active Directory's LDAP Implementation

This app supports email ingestion and various investigative actions over IMAP

This app performs email ingestion, investigative and containment actions on an on-premise Exchange installation

This app integrates with the Screenshot Machine service

This app supports executing various endpoint-based investigative and containment actions on an SSH endpoint

This app implements investigative actions that query the whois database

Integrate with Slack to post messages and attachments to channels

This app integrates with the Windows Remote Management service to execute various actions