TA-opd scans for open ports. This app should be installed on your Heavy Forwarder. Nmap will also need to be installed. The app will look for nmap in these paths:
These are the only files that the app may access outside the app directory.
This app uses python-nmap (https://bitbucket.org/xael/python-nmap) to run Nmap commands. The following modular inputs can be set up:
- Banner Scan (sourcetype=opd:banners)
- Full Scan (sourcetype=opd:full)
- Quick Scan (sourcetype=opd:quick)
- Version Scan (sourcetype=opd:versions)
A separate app called 'Hurricane Labs Open Port Detection' can be installed on your Search Head from which you can utilize additional saved searches and dashboards along with possible Shodan integration.
- Incremented version to 2.2.0
- Documented nmap file paths.
- Removed test_nmap.py.
- Removed os.getenv('PATH').
- Removed sudo handling.
- Remove test.py
- Modular inputs have been migrated from .sh to .py