IT and Security professionals can now use at-a-glance dashboards for their services, users and infrastructure. Splunk Administrators can also use the custom commands within the product to augment information from other sources with Active Directory information, including an IP address to Username correlation. Splunk App for Active Directory comes with over fifty out-of-the-box dashboards and reports.
Splunk App for Active Directory is a comprehensive solution for managing your Microsoft Windows Server Active Directory forest. It contains dashboards for:
Splunk App for Active Directory supports Windows Server 2003 up to Windows Server 2012 and is fully supported by Splunk Support.
To install, download the suite, then follow the detailed instructions
IMPORTANT: If upgrading from v1.0, please be sure to follow the upgrade information in the documentation. FAILURE TO FOLLOW UPGRADE INSTRUCTIONS WILL MEAN THE APP WILL NOT OPERATE AS INTENDED.
This [Windows | AD] App has been superseded by the new Windows Infrastructure app for use with Splunk 6.0. Please download the new application instead. - http://apps.splunk.com/app/1680/
• Splunk version 4.3.6 no longer warns of a configuration conflict in%SPLUNK_HOME%\etc\apps\Splunk_for_ActiveDirectory\metadata\default.meta when started from the command line.
• The app now returns data for the "Failed Logons by IP Address" dashboard.
• A problem with the TA_DomainController_NT6 technology add-on was fixed. The TA now collects "Processor" performance metrics correctly.
1. TA’s are now compatible with 5.x for perfmon data collection.
2. Registered new event codes (1014, 5782, 1056).
3. Improvement to Anomalous logons dashboard.
4. Fixed default.meta to remove warning messages on splunk restart.
* Corrected detection of Inter-Site Topology Generator
* Corrected detection of failed logons
* Implemented numerous performance improvements
* Added more anomalous event code
* Improved navigation and rendering in older browsers
* Updated the drop-downs for the Audit dashboards so you can specify a DNS Domain as well as a NetBIOS Domain name. This will assist when transitioning to Windows Server 2012 as well as cross-app linkage.
* Updated throughout to use the new SA-ldapsearch app, which is available on Splunkbase at http://splunk-base.splunk.com/apps/Splunk%20Support%20for%20Active%20Directory
* Corrected many search errors in combined NT5/NT6 environments.
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.