SHA256 checksum (opendns-detective_115.tgz): 5d718230510bb81730dde81e743bdbb9fd968181690693e5855f37d06b2ecec4
SHA256 checksum (opendns-detective_100.tgz): 54068336b99de55ff948882e6c1c53a055f34b6ebb16ea75d601b72ff66d709e
OpenDNS Detective

This app has been replaced by CAVE Detective, which also has support for Virus Total.
https://splunkbase.splunk.com/app/4213/

This app provides a SPL command (| opendns) to query the Investigate API provided by OpenDNS. You must have a valid API key from OpenDNS in order for this App to work.

Once the data is queried from the Investigate API, it's stored in the opendns_cache KV Store configured by this App.

OpenDNS Detective App for Splunk
Version 1.0.0

REQUIREMENTS/INSTALLATION

1. Determine KV Store Instance

If you don't already have a dedicated KV Store instance in your
environment, then pick one (ideally a Search Head) to house the cache
KV Store for this App (opendns_cache).

By default, the opendns_cache KV Store is defined by this App. If you
decide to house it on another instance, you will need to define that
server address in the config.ini discussed below.

2. Service user access

A service user with access to the KV Store must be created. Those
credentials, along with the server address, are stored in the
config.ini file discussed below.

3. Install the OpenDNS Detective App

The App should be placed on a Search Head, in the $SPLUNK_HOME/etc/apps
folder. The Search Heads will distribute the command to the Indexers as
part of Splunk's default behavior.

4. Configure the OpenDNS Detective App

A) Create a directory in the App named: local
B) Copy the config.ini from the default directory to the new local
directory created in the step before this one.
C) Edit the config.ini file in the local directory.
D) Restart Splunk
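
The shell functions below are an added example, not part of the app or its README: they check the downloaded archive against the SHA256 published on this page and carry out configuration steps A and B. The sha256sum/shasum tools and the directory name the archive unpacks to (APP_DIR) are assumptions.

```shell
#!/bin/sh
# Added example: verify the Splunkbase download, then stage local/config.ini.
# APP_DIR in the usage notes is an assumed name; use the directory the
# archive actually unpacks to.

# SHA256 published on the download page for opendns-detective_115.tgz
EXPECTED_115=5d718230510bb81730dde81e743bdbb9fd968181690693e5855f37d06b2ecec4

# verify_sha256 FILE EXPECTED_HEX -> 0 if the digest matches, 1 otherwise
verify_sha256() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 1; }
    actual=$( { sha256sum "$1" 2>/dev/null || shasum -a 256 "$1"; } | awk '{print $1}')
    if [ "$actual" != "$2" ]; then
        echo "checksum mismatch for $1: got $actual" >&2
        return 1
    fi
}

# stage_local_config APP_DIR -> steps A and B. An existing local/config.ini
# is never overwritten. The file is made readable by its owner only, because
# it will hold the KV Store service user's credentials.
stage_local_config() {
    app_dir=$1
    [ -f "$app_dir/default/config.ini" ] || { echo "no default/config.ini in $app_dir" >&2; return 1; }
    mkdir -p "$app_dir/local" || return 1
    if [ -e "$app_dir/local/config.ini" ]; then
        echo "local/config.ini already exists, leaving its contents untouched" >&2
    else
        ( umask 077 && cp "$app_dir/default/config.ini" "$app_dir/local/config.ini" ) || return 1
    fi
    chmod 600 "$app_dir/local/config.ini"
}

# Typical use on the Search Head (paths are assumptions):
#   verify_sha256 opendns-detective_115.tgz "$EXPECTED_115" &&
#   tar -xzf opendns-detective_115.tgz -C "$SPLUNK_HOME/etc/apps" &&
#   stage_local_config "$SPLUNK_HOME/etc/apps/$APP_DIR"
#   # edit local/config.ini (step C), then: "$SPLUNK_HOME/bin/splunk" restart
```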

FEEDBACK

Email: dev@setsolutions.com
Phone: 713-956-6600

LICENSE

For licensing details, please contact Set Solutions, Inc.
dev@setsolutions.com

Release Notes

Version 1.1.5
Dec. 13, 2016

Version 1.0.0
Nov. 25, 2016
