machine_learning

Advanced_Experimentation

Foundational_Capabilities

Intelligent_Experiences

pipeline

auditing_compliance

dora_metrics

monitor

detection_response

identity

workload_monitoring

email_security

network

endpoint

accenture

learn_more_accenture

splunk_built_accenture

cloud_first

security

respond

enrich

detect

staff_picks

it_operations

The Splunk ES Content Update (ESCU) app delivers pre-packaged Security Content. ESCU provides regular Security Content updates to help security practitioners address ongoing time-sensitive threats, attack methods, and other security issues.

Security Content consists of tactics, techniques, and methodologies that help with detection, investigation, and response. Security Content enables security teams to directly operationalize detection searches, investigative searches, and other supporting details. ESCU can generate Notable Events in Splunk Enterprise Security. Security Content also contains easy-to-read background information and guidance, for key context on motivations and risks associated with attack techniques, as well as pragmatic advice on how to combat those techniques.

The analytic stories and their searches are also available at https://github.com/splunk/security-content.

Splunk ES Content Update

This app integrates with the VirusTotal cloud to implement investigative and reputation actions using v3 APIs

VirusTotal v3

This app supports executing investigative and reputation actions on the URLVoid service

APIvoid

This app integrates with an instance of AlienVault OTX to perform investigative actions

AlienVault OTX

This app integrates with AbuseIPDB to perform investigative actions

AbuseIPDB

The Splunk App for Chargeback helps customers understand Splunk Virtual Compute (SVC) usage by business unit & department and uses the same exact SVC usage information provided in the customer's stack Cloud Monitoring Console (CMC) App.
Click on the details tab to watch the conf23 bonus videos.

IMPORTANT NOTES:
1. The document is now part of the app located in the home dashboard. 
2. Please try installing the App on your own instead of requesting it to be installed for a better experience.  Simply browse for more Apps, search for chargeback and then click on Install next to the Splunk App for Chargeback.  See the document in the home page.

Description
Splunk App for Chargeback provides an easy-to-use experience to analyze how internal business units are leveraging Splunk.  The App provides the framework necessary for Chargeback and/or Showback use cases for:
1. Splunk Virtual Compute (SVC)
2. Dynamic Data: Active Searchable (DDAS)
3. Dynamic Data: Active Archive (DDAA)
4. Dynamic Data: Self-Storage (DDSS)
5. SmartStore

The app provide the following functionally to all Splunk Cloud customers:
- Framework for customers to build their own Chargeback and/or Showback models
- Means to determine how many SVCs are allocated to various business units, departments, and users in those departments [Accounting].
- Means to automatically determine how Splunk Cloud stack resources are being used by the various business units [Utilization].
- Ability to drill-down and break down the usage starting at the highest level in the business all the way down to the user level
- Ability to forecast SVC usage for the entire organization and by business unit using Splunk Machine Learning
- Accurately maintained up-to-date list of identities along with corresponding Business Unit & Department information by way of indexing the data from a source like DB Connect or Active Directory

ODS Support
You can open an ODS request under task Install/Configure App or TA/Add-On in the support portal (https://www.splunk.com/pdfs/professional-services/splunk-ondemand-services-portal.pdf). Select after choosing Pick your Product = Splunk Core - Enterprise/Splunk Cloud. Enter under the subject/description that you need help configuring the Splunk App for Chargeback specifically. 

Feedback is always welcome and appreciated.

Splunk App for Chargeback

The Splunk Add-on for VMware Metrics is a collection of add-ons used to collect and transform the Performance, Inventory, Tasks, and Events data from VMware vCenters, ESXi hosts, and virtual machines. The Splunk Add-on for VMware Metrics contains the following components:

Splunk_TA_vmware_inframon - Runs a Python-based API data collection engine, collects data from VMware vSphere environment, and performs field extractions for VMware data.
SA-Hydra-inframon - Collects API-based data from vCenter. It schedules jobs and runs the worker processes on each data collection node.
Please install the Splunk Add-on for VMware Metrics Indexes (https://splunkbase.splunk.com/app/5602/) in order to define the indexes used by Splunk Add-on for VMware Metrics. Follow the Install and Configure Splunk Add-on for VMware Metrics Indexes (https://docs.splunk.com/Documentation/AddOns/released/VMWmetricsindexes/CollectData). 

The packages "SA-VMWIndex-inframon", "Splunk_TA_vcenter" and "Splunk_TA_esxilogs" have been removed from Splunk Add-on for VMware Metrics build and published as an individual Splunkbase App in order to make the add-on SSAI-compatible in the cloud environments.

If you would like to collect the vCenter logs from your environment, then install Splunk Add-on for vCenter Logs (https://splunkbase.splunk.com/app/5601/) by following the steps mentioned in Install and Configure Splunk Add-on for vCenter Logs (https://docs.splunk.com/Documentation/AddOns/released/VMWvcenterlogs/CollectData).

If you would like to collect the ESXi logs from your environment, then install Splunk Add-on for VMware ESXi Logs (https://splunkbase.splunk.com/app/5603/) by following the steps mentioned in Install and Configure Splunk Add-on for VMware ESXi Logs (https://docs.splunk.com/Documentation/AddOns/released/VMWesxilogs/CollectData).

Each component and TAs work with a different part of the VMware infrastructure to collect and transform the data into the format needed for the Splunk App for Infrastructure (SAI) and IT Service Intelligence (ITSI). The add-on is required to work with the Splunk OVA for VMware Metrics. (https://splunkbase.splunk.com/app/5096/).

Splunk Add-on for VMware Metrics

The Splunk Add-on for VMware is a collection of add-ons used to collect and transform data from VMware vCenters, ESXi hosts and Virtual Machines. The Splunk Add-on for VMware contains the below components:

1) Splunk_TA_Vmware - Contains the python based API data collection engine and collects data from VMware environment.

2) SA-Hydra - Collects API based data from vCenter. It schedules jobs from the Search Head and runs the worker processes on each data collection node.

Please install the Splunk Add-on for VMware Indexes (https://splunkbase.splunk.com/app/5640/) in order to define the indexes used by Splunk Add-on for VMware. Follow the Install and Configure Splunk Add-on for VMware Indexes(https://docs.splunk.com/Documentation/AddOns/released/VMWindex/Datacollection). 

Please install the Splunk Add-on for VMware Extractions (https://splunkbase.splunk.com/app/5641/) which contains the search time extractions for use with the Splunk IT Service Intelligence Virtualization Module and the Splunk App for VMware. Follow the Install and Configure Splunk Add-on for VMware Extractions (https://docs.splunk.com/Documentation/AddOns/released/VMWextractions/Datacollection).

The packages "SA-VMWIndex", "TA-VMW-FieldExtractions", "Splunk_TA_vcenter" and "Splunk_TA_esxilogs" have been removed from Splunk Add-on for VMware build and published as an individual Splunkbase App in order to make the add-on compatible with Self-service installation in cloud environments

If you would like to collect the vCenter logs from your environment, then install Splunk Add-on for vCenter Logs (https://splunkbase.splunk.com/app/5601) by following the steps mentioned in Install and Configure Splunk Add-on for vCenter Logs (https://docs.splunk.com/Documentation/AddOns/released/VMWvcenterlogs/CollectData).

If you would like to collect the ESXi logs from your environment, then install Splunk Add-on for VMware ESXi Logs (https://splunkbase.splunk.com/app/5603/) by following the steps mentioned in Install and Configure Splunk Add-on for VMware ESXi Logs (https://docs.splunk.com/Documentation/AddOns/released/VMWesxilogs/CollectData).

Each component works with a different part of the VMware Infrastructure to collect and transform the data into the format needed for the Splunk App for VMware and the Virtualization Module for ITSI, and is required to work with the Splunk OVA for VMware (https://splunkbase.splunk.com/app/3216/).

Splunk Add-on for VMware

This app (also known as SA-ldapsearch) provides support functions to the Content Pack for Windows Dashboards and Reports (https://docs.splunk.com/Documentation/CPWindowsDash/latest/CP/About), Content Pack for Microsoft Exchange (https://docs.splunk.com/Documentation/CPExchange/latest/CP/About) that enable you to extract information from an Active Directory database. For instance, you can search Active Directory for records, presenting the records as events, or augment existing events with information from Active Directory based on information within the events.

Splunk Supporting Add-on for Active Directory

The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.

Splunk Common Information Model (CIM)

Welcome to the Splunk Cloud Migration Assessment App
This app is designed for existing Splunk customers interested in migrating to Splunk Cloud, our Software as a Service (SaaS) solution. The app will assess your current Splunk Enterprise deployment that is running on-premises or in a bring your own license (BYOL) model and provide guidance for your migration to Splunk Cloud.

The high-level assessment captured by this app will also provide data points to help our Sales Engineering and PS Teams scope your migration efforts, implement best practices, and prioritize your migration success. For more detailed information on the compatibility of your apps, use the Analysis Of SplunkBase Apps for Splunk.

Note:
This App is self-documenting and will guide you through the experience.  Be sure to follow the in-App guidance.  The calculations in this app are meant to be directional and for educational purposes only.   Results are not guaranteed.

Installation:
This app can only evaluate the data that available in the search results. Therefore, this App should be installed on the Splunk Monitoring Console (MC).  The MC should have access to all Splunk servers in your environment.  This App is compatible with all versions of Splunk 6.5.x and above.  

Quick & Dirty:
Sometimes it is hard to get an App installed, or you might want to do some covert investigations.  To initiate these discussions with your Splunk Account team, run the following search from your Monitoring Console (MC) and save the results.  It is not nearly a complete assessment, but if we can only get the results from one search, this is it:

index=_audit search_id!="'rsa_*" search_id!="'RemoteStorageRetrieveBuckets_*" search_id!="'searchparsetmp_*" search_id!="'remote_*" search_id=* total_run_time earliest=-7d@d latest=@d 
| eval host_sid = 'host'.":".'search_id'
| bin _time span=1d
| stats dc(host_sid) AS search_count by _time
| stats avg(search_count) AS search_count_daily_avg
| eval search_count_daily_avg=round(search_count_daily_avg,0)

You can also run any one of the checks individually, which are listed under Tools -> Health Check Items.  

Please contact Splunk Support with any questions regarding this App.

**** If you are upgrading the App, be sure to remove the old App folder before installing the new version.

Cloud Migration Assessment App for Splunk (SCMA)

The Splunk App for PCI Compliance (for Splunk Enterprise) is a Splunk developed and supported App designed to help organizations meet PCI DSS 3.2 requirements.  It reviews and measures the effectiveness and status of PCI compliance technical controls in real time. It can also identify and prioritize any control areas that may need to be addressed and let you quickly address any auditor report or data request. 

The App provides out-of-the-box searches, dashboards, reports, an incident response framework, and integration with employee and asset information to give you visibility into system, application, and device activity relevant to PCI compliance. 

NOTE: There are two installer options for this App. If you are installing the App on Splunk Enterprise 6.4+ use the installer on this page. But if you are installing the App on Splunk Enterprise Security, use the installer at https://splunkbase.splunk.com/app/2897/

The Splunk App for PCI Compliance requires a paid license.

Splunk App for PCI Compliance - Splunk Enterprise

The Splunk App for PCI Compliance (for Splunk Enterprise Security) is a Splunk developed and supported App designed to help organizations meet PCI DSS 3.2 requirements. It reviews and measures the effectiveness and status of PCI compliance technical controls in real time. It can also identify and prioritize any control areas that may need to be addressed and let you quickly address any auditor report or data request. 

The App provides out-of-the-box searches, dashboards, reports, an incident response framework, and integration with employee and asset information to give you visibility into system, application, and device activity relevant to PCI compliance. 

NOTE: There are two installer options for this App. If you are installing the App on Splunk Enterprise Security use the installer on this page. If you are installing the App stand-alone on Splunk Enterprise, use the installer https://splunkbase.splunk.com/app/1143

The Splunk App for PCI Compliance requires a paid license.

Splunk App for PCI Compliance - Splunk Enterprise Security

Splunk Enterprise Security (ES) solves a wide range of security analytics and operations use cases including continuous security monitoring, advanced threat detection, compliance, incident investigation, forensics and incident response. Splunk ES delivers an end-to-end view of organizations’ security postures with flexible investigations, unmatched performance, and the most flexible deployment options offered in the cloud, on-premises or hybrid deployment models. Splunk ES enables you to: 

- Conquer alert fatigue with high-fidelity Risk-Based Alerting.
- Bring visibility across your hybrid environment with multicloud security monitoring.
- Conduct flexible investigations for effective threat hunting across security, IT and DevOps data sources.

Splunk ES is a premium security solution requiring a paid license.

Splunk Enterprise Security

The Splunk App for Anomaly Detection finds anomalies in time series datasets and provides an end-to-end workflow to manage and operationalize anomaly detection tasks. The app detects seasonal patterns and finds anomalies in just a couple of clicks.


Using the app, you can create anomaly detection jobs, run these jobs on a regular cadence, view SPL queries, and create alerts. The app works with any time series dataset that can be ingested into the Splunk platform, provided the points in the time series are evenly spaced.


The app uses machine learning to detect seasonality in the data without user inputs, lowering the barriers to realizing value. The app also performs health diagnostics on the time series to check whether the dataset is suitable for anomaly detection using our algorithm. If the dataset is not fit for anomaly detection with our algorithm, we have included steps to preprocess the data in the docs. (We are working on supporting more time series out of the box without preprocessing steps for the next version).


When you create an anomaly detection job, the app generates an SPL query you can view and use elsewhere within Splunk.


Similar to other Splunk applications, the resource consumption of CPU and memory is commensurate with the size of the datasets that you use.


This app is available for both on-premise and cloud customers.

Splunk App for Anomaly Detection

This add-on uses the Splunk On-Call API to collect administrative (user, team, oncall, etc) and incident data to allow visualization and analysis of this data in Splunk. Learn more about this add-on here: https://help.victorops.com/knowledge-base/splunking-victorops-data/

Splunk Add-on for On-Call (VictorOps)

*** Important: Read upgrade instructions and test add-on update before deploying to production ***
The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the documented upgrade instructions to avoid data loss. A best practice is to test the upgraded version in a non-production environment before deploying to production.

Neither the Splunk Add-on for Windows DNS version 1.0.1 nor the Splunk Add-on for Windows Active Directory version 1.0.0 is supported when installed alongside the Splunk Add-on for Windows version 6.0.0. The Splunk Add-on for Windows version 6.0.0 includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.

The Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.

Splunk Add-on for Microsoft Windows

*** Important: Read upgrade Instructions and test add-on update before deploying to production ***
There are changes to default indexes and .conf changes in version 6.0 of Splunk Add-on for Unix and Linux that can break an existing installation if upgrade instructions are not followed in detail. If an existing Splunk Add-on for Unix and Linux is being upgraded, please test in a non-production environment first.


The Splunk Add-on for Unix and Linux works with the Splunk App for Unix and Linux to provide rapid insights and operational visibility into large-scale Unix and Linux environments.  With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environments.

Splunk Add-on for Unix and Linux

The Splunk Dashboard app delivers examples that give you a hands-on way to learn the basic concepts and tools needed to rapidly create rich dashboards using Simple XML. This new app incorporates learn-by-doing Simple XML examples, including extensions to Simple XML for further customization of layout, interactivity, and visualizations.

With the app you will learn basic Simple XML concepts and how to incorporate the built-in components. All the included examples deliver a recipe for implementing dashboard elements, beginning with the most basic and progressing to more advanced elements.  Each example in the app includes an actual runtime visualization followed by a description and supporting source code.

(c) 2016-2020 Splunk Inc. All Rights Reserved.

Splunk Dashboard Examples

Version 7.0.0 of the Splunk Add-on for AWS includes a merge of all the capabilities of the Splunk Add-on for Amazon Security Lake. Configure the Splunk Add-on for AWS to ingest across all AWS data sources for ingesting AWS data into your Splunk platform deployment.

If you use both the Splunk Add-on for Amazon Security Lake as well as the Splunk Add-on for AWS on the same Splunk instance, then you must uninstall the Splunk Add-on for Amazon Security Lake before upgrading the Splunk Add-on for AWS to version 7.0.0 or later in order to avoid any data duplication and discrepancy issues.
__________________________________________________________________________________________________________

Ingesting data from AWS to Splunk Cloud? Have you tried the new Splunk Data Manager yet? Data Manager makes AWS data ingestion simpler, more automated and centrally managed for you, while co-existing with AWS and/or Kinesis TAs. Read our blog post to learn more about Data Manager and it’s availability on your Splunk Cloud instance: https://splk.it/3e9F863
__________________________________________________________________________________________________________

The Splunk Add-on for Amazon Web Services allows a Splunk software administrator to collect:
* Configuration snapshots, configuration changes, and historical configuration data from the AWS Config service.
* Metadata for your AWS EC2 instances, reserved instances, and EBS snapshots.
* Compliance details, compliance summary, and evaluation status of your AWS Config Rules.
* Assessment Runs and Findings data from the Amazon Inspector service.
* Management and change events from the AWS CloudTrail service.
* VPC flow logs and other logs from the CloudWatch Logs service.
* Performance and billing metrics from the AWS CloudWatch service.
* Billing reports that you have configured in AWS.
* S3, CloudFront, and ELB access logs.
* Generic data from your S3 buckets.
* Generic data from your Kinesis streams.
* Generic data from SQS.
* Security events from Amazon Security Lake

This add-on provides modular inputs and CIM-compatible knowledge to use with other apps, such as the Splunk App for AWS, Splunk Enterprise Security and Splunk IT Service Intelligence.

Versions 5.0.0 and later of the Splunk Add-on for AWS is compatible only with Splunk Enterprise version 8.0.0 and above.

Splunk Add-on for Amazon Web Services (AWS)

The Splunk Event Generator (Eventgen) is a utility which allows its users to easily build real-time event generators.

Eventgen allows an app developer to get events into Splunk to test their applications. It provides a somewhat ridiculous amount of configurability to allow users to simulate real data.

To join the development community, please go to https://github.com/splunk/eventgen.
For documentation, please go to the Eventgen Documentation(http://splunk.github.io/eventgen/).

Eventgen

Splunk Machine Learning Toolkit

The Splunk Machine Learning Toolkit App delivers new SPL commands, custom visualizations, assistants, and examples to explore a variety of ml concepts. 

Each assistant includes end-to-end examples with datasets, plus the ability to apply the visualizations and SPL commands to your own data. You can inspect the assistant panels and underlying code to see how it all works.

Look for our ML Youtube Playlist for simple explanations of how to use MLTK and what it is for..

ML Cheat Sheet https://docs.splunk.com/images/3/3f/Splunk-MLTK-QuickRefGuide-2019-web.pdf

Assistants:
* Predict Numeric Fields (Linear Regression): e.g. predict median house values.
* Predict Categorical Fields (Logistic Regression): e.g. predict customer churn.
* Detect Numeric Outliers (distribution statistics): e.g. detect outliers in IT Ops data.
* Detect Categorical Outliers (probabilistic measures): e.g. detect outliers in diabetes patient records.
* Forecast Time Series: e.g. forecast data center growth and capacity planning.
* Cluster Numeric Events: e.g. Cluster Hard Drives by SMART Metrics

Smart Assistants (new assistants with revamped UI and better ml pipeline/experiment management):
*Smart Forecasting Assistant (provides enhanced time-series analysis for users with little to no SPL knowledge and leverages the StateSpaceForecasting algorithm): e.g. forecasting app logons with special days

Available on both on-premise and cloud.

Splunk App for Data Science and Deep Learning
The Splunk App for Data Science and Deep Learning (DSDL), formerly known as the Deep Learning Toolkit (DLTK), lets you integrate advanced custom machine learning and deep learning systems with the Splunk platform. The app extends the Splunk Machine Learning Toolkit (MLTK) with prebuilt Docker containers for TensorFlow, PyTorch, and a collection of data science, NLP, and classical machine learning libraries. When you use the predefined workflows of Jupyter Lab Notebooks, the app enables you to build, test, and operationalize customized models with the Splunk platform. You can leverage GPUs for compute-intense training tasks and deploy models on CPU or GPU enabled containers.

Splunk Community for MLTK Algorithms on GitHub
Check out our Open Source community on Github that lets you share your algorithms with the community of Splunk MLTK users or import one of the algorithms that have been shared by the community: https://github.com/splunk/mltk-algo-contrib

The GitHub repo algorithms are also available as an app which provides access to custom algorithms. Cloud customers can use GitHub algorithms via this app and need to create a support ticket to have this installed:https://splunkbase.splunk.com/app/4403/
Available on cloud and on-premise

Splunk Machine Learning Toolkit

Splunk DB Connect is a generic SQL database extension for Splunk that enables easy integration of database information with Splunk queries and reports. Splunk DB Connect supports DB2/Linux, Informix, MemSQL, MySQL, AWS Aurora, Microsoft SQL Server, Oracle, PostgreSQL, AWS RedShift, SAP SQL Anywhere, Sybase ASE, Sybase IQ, and Teradata.

Use Splunk DB Connect's Inputs to import structured data for powerful indexing, analysis, and visualization. Use Outputs to export machine data insights to a legacy database to increase your organization's insight. Use Lookups to add meaningful information to your event data by referencing fields in an external database. Use query commands to build live dashboards mixing structured and unstructured data.

Splunk DB Connect

Get started with Splunk for Security with Splunk Security Essentials (SSE). Explore security use cases and discover security content to start address threats and challenges. 

Security Content Library
Find security content for Splunk Cloud and Splunk's SIEM and SOAR offerings and deploy out-of-the-box security detections and analytic stories to enhance your investigations and improve your security posture. 

Cybersecurity Frameworks
Identify gaps in your defenses and take control of your security posture with automatic mapping of data and security detections to MITRE ATT&CK® and Cyber Kill Chain® framework.

Data and Content Introspection
Gain visibility of the data coming into your environment to add context and telemetry to security events. Enrich your security detections with metadata and tags from the Security Content Library.

Security Data Journey
Get prescriptive security and data recommendations and establish a data strategy to develop a security maturity roadmap. 

Learn more:
Download the Product Brief : https://www.splunk.com/pdfs/product-briefs/splunk-security-essentials.pdf
Try out Splunk Security Essentials: https://www.splunk.com/en_us/form/splunk-security-essentials-online-demo.html
Check out the Documentation site: https://docs.splunk.com/Documentation/SSE

Splunk Security Essentials

Ever want to edit a lookup within Splunk with a user interface? Now you can. This app provides an Excel-like interface for editing, importing, and exporting lookup files (KV store and CSV-based).

This app also makes your lookups work in Search Head Clustered environments (edits to lookups will be propagated to other search heads).

Revision history is maintained for lookups so that you can view or restore older lookups quickly in the interface.

Check out the Documentation site: 
https://docs.splunk.com/Documentation/LookupEditor

Splunk App for Lookup File Editing

Custom Visualizations give you new interactive ways to visualize your data during search and investigation, and to better communicate results in dashboards and reports. After installing this app you’ll find a Sankey diagram as an additional item in the visualization picker in Search and Dashboard.

Sankey diagrams show metric flows and category relationships. You can use a Sankey diagram to visualize relationship density and trends.

A Sankey diagram shows category nodes on vertical axes. Fluid lines show links between source and target categories. Link width indicates relationship strength between a source and target.


(c) 2016-2020 Splunk Inc. All Rights Reserved.

Splunk Sankey Diagram - Custom Visualization

This Technology Add-on provides CIM compliant field extractions, eventtypes and tags for the pfSense firewall.

Fully Splunk App for Enterprise Security compatible.

Sponsored by Datapunctum GmbH

TA-pfsense

The Palo Alto Networks Add-on for Splunk allows a Splunk® Enterprise administrator to collect data from every product in the Palo Alto Networks Next-generation Security Platform. You can consume the data using the Palo Alto Network App for Splunk, Splunk Enterprise Security, and any App you create for your SOC or IT requirements.  This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk Enterprise apps, such as the Splunk Enterprise Security and the Splunk App for PCI Compliance.

Palo Alto Networks Add-on for Splunk

The Splunk Add-on for Cisco ASA allows a Splunk software administrator to map Cisco ASA devices events to the Splunk CIM. You can then use the data with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

Note: As of version 4.0.0 of the Splunk Add-on for Cisco ASA, Splunk does not support PIX and FWSM source types
Docs: https://docs.splunk.com/Documentation/AddOns/released/CiscoASA/Description

Splunk Add-on for Cisco ASA

TA-dmarc add-on for Splunk supports ingesting DMARC XML aggregate reports from
an IMAP/POP3 mailbox or local directory with mitigations against:

* ZIP bombs
* gzip bombs
* various XML attack vectors like billion laughs, quadratic blowup, external entity expansion and so on
* malformed reports
* false reports (alpha)

TA-dmarc add-on for Splunk

This app supports investigative actions against a Microsoft Azure SQL Server

Microsoft Azure SQL

This App exposes various Phantom APIs as actions

Phantom

Integrate with Slack to post messages and attachments to channels

Slack

This app implements containment and investigative actions on Zscaler

Zscaler

This app integrates with an instance of Mimecast to perform generic, investigative, and containment actions

Mimecast

This app integrates with JIRA to perform several ticket management actions

Jira

This app performs email ingestion, investigative and containment actions on an on-premise Exchange installation

Microsoft Exchange On-Premise EWS

This app ingests emails from a mailbox in addition to supporting various investigative and containment actions on an Office 365 service

EWS for Office 365

This app integrates with Windows Defender Advanced Threat Protection(ATP) to execute various containment, corrective, generic, and investigative actions

Windows Defender ATP

App specifically designed for interacting with Microsoft Active Directory's LDAP Implementation

AD LDAP

This app provides the ability to send email using SMTP

SMTP

This app integrates with ServiceNow to perform investigative and generic actions

ServiceNow

This app supports email ingestion and various investigative actions over IMAP

IMAP

This app implements investigative actions that query the whois database

WHOIS

Integrates a variety of generic, reputation, and investigative actions from the Anomali ThreatStream threat intelligence platform

ThreatStream

The Splunk Add-on for Microsoft Cloud Services allows a Splunk software administrator to pull activity logs, service status, operational messages, Azure audit, Azure resource data and Azure Storage Table and Blob data from a variety of Microsoft cloud services using Event Hubs,  Azure Service Management APIs and Azure Storage API.

This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance and Splunk IT Service Intelligence.

Splunk Add-on for Microsoft Cloud Services

This add-on collects data from Microsoft Azure including the following:

Azure AD Data
- Users - Azure AD user data
- Interactive Sign-ins - Azure AD sign-ins including conditional access policies and MFA
- Directory audits - Azure AD directory changes including old and new values
- Devices - Registered devices in Azure AD
- Groups
- Risk Detections
Azure Log Analytics (KQL)
Metrics
Estimated billing and consumption
- VM Reservation Recommendations
Inventory metadata
- Resource Groups - Resource group configuration
- Virtual Machines - VM, Disk, Image, and Snapshot configurations
- Virtual Networks - VNET, NSG, and Public IP configurations
- Managed Disks
- Subscriptions - Subscription name, ID, and type
- Topology - IaaS relationships
Azure Security Center
- Alerts
- Tasks
Azure Resource Graph

This add-on contains the following alert actions:

- Stop Azure VM - stops an Azure Virtual Machine.
- Add member to group - adds a user to a group.  This can be useful if you need to enable additional policies like MFA based on search results.
- Dismiss Azure Alert - dismisses an Azure Security Center alert.

Version 3.0.0 and later of the Microsoft Azure Add-on for Splunk is compatible only with Splunk Enterprise version 8.0.0 and above.

While this app is not formally supported, the developer can be reached at https://github.com/splunk/splunk-add-on-microsoft-azure/issues. Responses are made on a best-effort basis. Feedback is always welcome and appreciated!

Splunk Add on for Microsoft Azure

The Splunk Add-on for Microsoft Office 365 allows a Splunk software administrator to pull service status, service messages, and management activity logs from the Office 365 Management API. You can collect:

* Audit logs for Azure Active Directory, Sharepoint Online, and Exchange Online, supported by the Office 365 Management API. 
* Historical and current service status, and service messages for the corresponding Microsoft Office 365 Management API.
* Data Loss Prevention on Microsoft Office 365 Management API.

After the Splunk platform indexes the events, you can then directly analyze the data or use it as a contextual data feed to correlate with other data in the Splunk platform

Splunk Add-on for Microsoft Office 365

This add-on contains a Python interpreter bundled with the following scientific and machine learning libraries: numpy, scipy, pandas, scikit-learn, and statsmodels. With this add-on, you can import these powerful libraries in your own custom search commands, custom rest endpoints, modular inputs, and so forth.

This add-on is available for Linux (64-bit), Windows (64-bit) and Mac. Make sure you install the appropriate one for your Splunk deployment.

Python for Scientific Computing (for Linux 64-bit)

NumLookup is a phone intelligence app that provides reverse phone lookup services for phone number. Get owner's name and carrier information associated with any phone number. Are you frequently haunted by unknown numbers? Looking to find out who’s behind that mysterious call you just received? Say hello to NumLookup, the ultimate reverse phone lookup solution.

Features:

Comprehensive Database: With access to millions of records, we offer one of the most detailed and expansive databases in the reverse phone lookup industry.

Fast Results: Just enter the phone number, and within seconds, get comprehensive details about its owner, including their name, location, carrier, and more.

Privacy First: We understand the importance of your privacy. Our platform ensures that your searches are confidential and never stored.

Global Reach: Whether you’re looking up a local landline or an international mobile number, NumLookup has got you covered.

User-Friendly Interface: Our sleek design and easy-to-navigate interface mean anyone can use it without any tech hurdles.

Spam Detection: Protect yourself from unwanted spam calls. We offer insights into the nature of the call and community ratings, helping you decide whether to answer, ignore, or block.

Join millions of satisfied users who trust NumLookup for their reverse phone lookup needs. Stay informed, safe, and connected.