SHA256 checksums of the IronDefense App for Splunk packages published on Splunkbase:

  • irondefense-app-for-splunk_400.tgz: dfc91ec7f8d10e9fde94284a4475cc69c3ff0ea8d0d1f8c733aa518820ee0a5c
  • irondefense-app-for-splunk_303.tgz: 5f500c821b76b644b827eb15d8160e39d522b39332a25b7f794aa69d88d7d450
  • irondefense-app-for-splunk_302.tgz: 2b95f4eb4fcc5c2b879ebbeb65e840d57c868b1ca8b22482d70741573894683f
  • irondefense-app-for-splunk_301.tgz: f1c08b93ac21703b3499fcacea023914c5ede25e114e83ae40459da1e624592e
  • irondefense-app-for-splunk_300.tgz: cb59c8054ca39799e6222cab351fe3d157fed33d86732839e773ffef42d299f9
  • irondefense-app-for-splunk_262.tgz: 788d63388f413d3da1804fc1ed939272b8dbb6be0e66f7e292e8bb04e273db3f
  • irondefense-app-for-splunk_261.tgz: f5aafdac58cb0d1d5d3d283dc33a6807f75477d890085387f5a336b683aa31f3
  • irondefense-app-for-splunk_260.tgz: 9547538b4b273bbd5f0fb0d2969b7086cf711d583db1c3d4a5d9996c90528bcc
  • irondefense-app-for-splunk_250.tgz: 3461d78db83231161ada6b225dae916e33b6a415e3a6231f88484f7041c1cf71
  • irondefense-app-for-splunk_241.tgz: 91846bd153d55af11a955c4b86cc64e5fa798b8c04a3ea339eed1067c9963eb3
  • irondefense-app-for-splunk_240.tgz: c4659830ed774e1e8ca164f48bb65dd8336a4ec61551fde0d516c690efbb8522
  • irondefense-app-for-splunk_230.tgz: 1cf3a40878c304d31f1fce1a725b4033fe9dd3a035fa7f4da39c2c2eaf45bafe
  • irondefense-app-for-splunk_220.tgz: 62c1c629f6657a8b08e78bd5a5e366f59924391d9a37832e1cfab58c3649652a
  • irondefense-app-for-splunk_210.tgz: 87e34aa1dffd4dcd86acc26ecc95c9d9a70c632e31a126d4a2f36b7c0a021966
  • irondefense-app-for-splunk_14.tgz: 9e9c37bacac8c288e1ea957bbf0504f9c9a7486fa63d3c3ab6c0a529b2d046bd

IronDefense App for Splunk

Splunk AppInspect Passed
Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and their impact on apps and upgrades before installing.
IronDefense is a Network Detection & Response (NDR) platform that improves visibility across the threat landscape and amplifies detection efficacy within your network environment, allowing your SOC team to be more efficient and effective with existing cyber defense tools, resources, and analyst capacity. IronDefense works closely with IronNet's IronDome platform, which delivers the ability to automate real-time knowledge sharing and collaboration between and beyond sectors for faster threat detection.

The IronDefense Splunk App gives your SOC team:
- Enhanced visibility: Real-time insights across industry threatscapes, human insights to detected threats, and higher-order analysis of anomalies correlated across groups of peers via IronDome Collective Defense integration.
- Faster detection: Advanced network behavioral analysis that leverages proven AI/ML and analytics used to defend highly secure networks, allowing the ability to scale up analysis to the largest enterprises.
- Increased efficiency: Experienced insights — a “second pair of eyes” — from some of the nation’s top defenders, applied via IronDefense’s Expert System to supplement limited cyber staff and to enable faster, more effective prioritization and mitigation/response.


---
For more information about IronNet's IronDefense NDR platform, visit: https://www.ironnet.com/irondefense
For more information about IronNet's IronDome Collective Defense capability, visit: https://www.ironnet.com/irondome

Table of Contents

Overview

  • About
  • Support and Resources

Installation and Configuration

  • Platform Requirements
  • Software Requirements
  • Open Source Dependencies
  • Installation
  • Configure IronDefense Input
  • Advanced Configuration

Monitoring and Troubleshooting

  • Logging

Overview

About

Author: IronNet Cybersecurity Inc.

Support and Resources

Email: splunkbase@ironnetcybersecurity.com

Platform Requirements

The IronNet App for Splunk supports the following Splunk Enterprise platforms:

  • Linux
  • OSX
  • Windows

Software Requirements

  • Python

Installation

Installation in Splunk Dashboard interface
  • Download the IronNet App for Splunk from Splunkbase (once approved for access).
  • From within the Splunk Enterprise interface, click the gear icon for managing apps.
  • Click "Install App from file" button.
  • Locate the IronNet App for Splunk on disk where it was saved.
  • Click "Upload" button.
  • Restart Splunk
Manual Installation at command line
  • Download the IronNet App for Splunk from Splunkbase or obtain it directly from IronNet.
  • cd to $SPLUNK_HOME/etc/apps
  • Un-gzip and un-tar the IronNet App for Splunk file in this directory.
  • Restart Splunk
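Because the manual path unpacks an archive straight into $SPLUNK_HOME/etc/apps, the check a practitioner wants before that step is that the downloaded .tgz matches the SHA256 checksum published on Splunkbase and that its members cannot escape the apps directory. The following POSIX shell script is an added example, not part of the IronNet app or of this page; the paths and the function names are assumptions, and the only page-derived value is the checksum for irondefense-app-for-splunk_400.tgz.

```shell
#!/bin/sh
# Added example (not IronNet code): verify a Splunkbase package against its
# published SHA256 digest, check the archive for path-traversal members, and
# only then unpack it into $SPLUNK_HOME/etc/apps. Paths are assumptions.

# Digest of irondefense-app-for-splunk_400.tgz as listed on the Splunkbase page.
IRONDEFENSE_400_SHA256="dfc91ec7f8d10e9fde94284a4475cc69c3ff0ea8d0d1f8c733aa518820ee0a5c"

# Print the lowercase hex SHA256 of a file with whichever tool the host has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 only when the file's digest equals the expected hex string.
verify_sha256() {
    file="$1"; expected="$2"
    actual=$(sha256_of "$file") || return 1
    [ "$actual" = "$expected" ]
}

# Return 1 if any member name is absolute or contains a ".." component,
# i.e. could land outside <splunk_home>/etc/apps when extracted.
archive_is_contained() {
    tar -tzf "$1" | grep -Eq '(^/|^\.\./|/\.\./|/\.\.$)' && return 1
    return 0
}

# Verify, then unpack the .tgz into <splunk_home>/etc/apps. The filesystem is
# never touched on a checksum mismatch, so a tampered or truncated download
# cannot reach the apps directory. Splunk must be restarted afterwards.
install_app() {
    pkg="$1"; expected="$2"; splunk_home="${3:-${SPLUNK_HOME:-/opt/splunk}}"
    if ! verify_sha256 "$pkg" "$expected"; then
        echo "refusing to install $pkg: SHA256 mismatch" >&2
        return 1
    fi
    if ! archive_is_contained "$pkg"; then
        echo "refusing to install $pkg: archive member escapes the apps directory" >&2
        return 1
    fi
    tar -xzf "$pkg" -C "$splunk_home/etc/apps" || return 1
    echo "unpacked $pkg into $splunk_home/etc/apps; now run: $splunk_home/bin/splunk restart"
}

# Usage (assumed paths):
#   install_app ./irondefense-app-for-splunk_400.tgz "$IRONDEFENSE_400_SHA256" /opt/splunk
```

The digest comparison is a plain string equality, so the expected value must be copied from Splunkbase exactly; a digest obtained from the same channel as the archive only proves integrity in transit, not that the package is the one the vendor uploaded, which is why the checksum here is taken from the app listing rather than from the download itself.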

Configure IronDefense Input

  • From within the Splunk Enterprise interface, click Settings > Data Inputs.
  • Click the "IronNet" entry in the list of available inputs.
  • Click the "New" button.
  • Complete the form, providing details of where Splunk can reach the IronDefense OpenAPI.
  • Click the "Next" button.

Advanced Configuration

Under the ironnet_splunk/config directory you will find a config.xml file. Settings in this file control advanced features of the IronNet App for Splunk and are unlikely to require changing for most users.
If you do change it, restart Splunk afterwards so the new settings take effect.

Monitoring and Troubleshooting

Logging

Logs for the application can be found in $SPLUNK_HOME/var/log/ironnet_splunk/ironnet_splunk.log.

Release Notes

Version 4.0.0
July 3, 2020

IMPORTANT: Please refer to the migration guide available in the IronNet Partner Portal when updating from an older version.

- Added capability to view event context for a selected alert.
- Added capability to view IronDome information for a selected alert.

Version 3.0.3
April 30, 2020

- Passwords are now saved in the ironnet_splunk app directory. Please remove and recreate any existing inputs to prevent authentication issues. Because the saved credentials now live under that app directory, restrict filesystem access to it and treat any copy of the directory (backups, deployment bundles) as containing secrets.
- Bug fixes

Version 3.0.2
April 10, 2020

*** CHANGELOG ***
- Added support to connect to IronDefense through a proxy.
- Reduced the alert summary table width to fit all columns in the browser window.
- Various bug fixes.

Version 3.0.1
Dec. 6, 2019

*** CHANGELOG ***
- The Alert Summary Table now loads 5x faster and uses less memory.
- Alerts in the Alert Summary Table can now be filtered by Environment, Category, Behavior, Risk Score, Severity, and Status.
- IronDome notification participant tags are now displayed in the "IronDome Participants" column on the IronDome Dashboard. (Requires IronDefense 3.3.7)
- Minor improvements and bug fixes.

Version 3.0.0
Sept. 19, 2019

*** CHANGELOG ***
- New feature to update/rate alerts directly in the App dashboard
- Minor bug fixes and UI improvements

*** NOTES ***
- This version of IronDefense App for Splunk will not be able to display historical events ingested with previous versions.
- After upgrading, you MUST recreate all IronDefense input configurations or modify the configurations to populate "IronAPI Host" and "IronAPI Port". The default value of "IronAPI Host" should be equal to "OpenAPI Host" and the default value of "IronAPI Port" is "6942".

Version 2.6.2
Aug. 8, 2019

- Updated to support Splunk Cloud

Version 2.6.1
June 27, 2019

- Updated for Splunk Cloud
- Minor UI improvements

Version 2.6.0
April 12, 2019

- Supports ingest of event entity attributes, which are also displayed on the events table. (Requires IronDefense 3.3.0)
- App will now notify users when the connection to OpenAPI has been lost.
- Adds a malicious notification count to the IronDome dashboard.
- You can now pivot to the TIR in IronVue from the Top Malicious Domains and IPs tables on the IronDome dashboard.
- Adds the ability to filter out notification types on the IronDome dashboard.
- Other improvements and bug fixes.

NOTE: If you are upgrading from a previous version, bump the server or restart Splunk to complete the installation process.

Version 2.5.0
Feb. 15, 2019

- Introduces a new feature to ingest IronDome notifications. (Requires IronDefense 3.2.5 and must be enabled on the input configuration page)
- Adds a new dashboard to view IronDome notifications.

Version 2.4.1
Jan. 18, 2019

- Fixed issue where new input configurations cannot be created.

Version 2.4.0
Dec. 20, 2018

- Event data sources are now displayed in the IronDefense dashboard under the "Raw Data Formats" columns. (Must have IronDefense v3.2.3 or greater)
- Minor bug fixes

Version 2.3.0
Oct. 17, 2018

Version 2.2.0
July 24, 2018

Version 2.1.0
July 18, 2018

Version 1.4
Aug. 16, 2017


© 2005-2020 Splunk Inc. All rights reserved.