This app is archived. App archiving documentation

TA-Volatility

Manually parsing, analyzing and visualizing memory analysis is painful and time consuming. Now you can ingest your memory analysis plugin outputs into Splunk for visualization and aggregate analysis! The possibilities are limitless once you have your data in a central location. This add-on can even be deployed to a remote systems and forwarded to an indexer or cluster! See our github for the latest fork of volatility (https://github.com/mutedmouse/volatility) and the branches of TA-volatility (https://github.com/mutedmouse/ta-volatility).

Built by

Latest Version 2.6.9

October 17, 2018

Compatibility

Splunk Enterprise

Platform Version: 7.2, 7.1

Rating

0

(0)

Log in to rate this app

Support

Not Supported

Manually parsing, analyzing and visualizing memory analysis is painful and time consuming. Now you can ingest your memory analysis plugin outputs into Splunk for visualization and aggregate analysis! The possibilities are limitless once you have your data in a central location. This add-on can even be deployed to a remote systems and forwarded to an indexer or cluster! See our github for the latest fork of volatility (https://github.com/mutedmouse/volatility) and the branches of TA-volatility (https://github.com/mutedmouse/ta-volatility). NOTE: listprocess custom command syntax MUST match the following OR SEARCH WILL STALL and manual process termination will be required: __search__ | listprocess root_process_id=integer_pid process_field=name_field ppid_field=ppid_field pid_field=pid_field This syntax is presented in the help message when you begin entering listprocess command in the search bar and documented under searchbnf.conf for listprocess. Command improvements coming in 2.6.7 and above releases.