icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading VulnDB Add-On For Splunk
SHA256 checksum (vulndb-add-on-for-splunk_120.tgz) e5a805c6ed9c31ee4ae7ffbfee105e19ec275f589584731ce6e75e0bbb6b6e21 SHA256 checksum (vulndb-add-on-for-splunk_110.tgz) d308462b1eef1fb5c05818664bf55d12e828baf06a973fed108829222394953f SHA256 checksum (vulndb-add-on-for-splunk_103.tgz) cda954dc45b90dc5293edadaa5d14e0f9b47edada529bc176e2a08bbbd121f32 SHA256 checksum (vulndb-add-on-for-splunk_102.tgz) cffa0b95b476ef11812508aefb0156688bcb7175c449751b6a518c602c97a82f SHA256 checksum (vulndb-add-on-for-splunk_101.tgz) 9f1da86b9e7f8d3d543ab33b2456e840eae0e8cef4601d434bfe2854ecc0395c SHA256 checksum (vulndb-add-on-for-splunk_100.tgz) c4b79667f05987687ffcf6ef2f242cfa7bc54de671725c71880209b2d56e4ec0
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

VulnDB Add-On For Splunk

Splunk AppInspect Passed
Overview
Details
Splunk Connector for VulnDB

This add-on allows you to easily integrate data from Risk Based Security’s VulnDB product into Splunk. With over 60,000 additional vulnerabilities not found in the frequently relied-upon Common Vulnerabilities and Exposures (CVE) database, VulnDB provides the richest, most complete vulnerability intelligence available to help you address points of risk across your organization – from application development and your IT infrastructure to security operations, vendor risk management and procurement.

VulnDB subscription required - contact sales@riskbasedsecurity.com or visit www.riskbasedsecurity.com for more information.

===============================================================================
|| VulnDB Splunk Add-on ||
===============================================================================

The VulnDB Splunk Add-on is designed to communicate with the VulnDB database
of vulnerability information, accessible via REST API. This application
requires an active subscription to the VulnDB REST API.

Prior to installation, be sure to have the TA-vuln-db.tgz or TA-vuln-db.spl
file on your local machine (Web Interface installation) or on the target Splunk
server(s) (Shell installation), where it is readily available for the
installation process.

Installation - Web Interface:

Log into Splunk with an administrator account.
Click on the gear icon for Application Management.
Click on the "Install app from file button".
Click the "Choose File" button and browse to the location on your local machine
where the TA-vuln-db.tgz or TA-vuln-db.spl file is located and select it.
Check the "Upgrade App" checkbox to overwrite any previous versions of this app
Click the "Upload button"

Installation - Shell:

Log into the shell for your Splunk server
Change to the Splunk application folder:
cd $SPLUNK_HOME/etc/apps
Extract the application from the archive file:
tar xzf <archive location="">
Verify that the app has the proper permissions for the OS:
chown -R splunk:splunk $SPLUNK_HOME/etc/apps/TA-vuln-db
Restart Splunk
$SPLUNK_HOME/bin/splunk restart

Configuration:

The VulnDB application has a straightforward configuration interface.
Before starting configuration of the application, you must have your Vuln DB
consumer API key, and consumer API secret in order to successfully add an
input to Splunk for VulnDB vulnerability information.

Before adding an input for Vuln DB, please review the "Configuration" menu
option to make sure you put in your proxy server settings (if necessary) and
your logging level.

Once the app is installed, you can navigate to it by clicking on the Vuln DB app
on the left side of the Splunk web interface.
The first page that will appear is the Inputs page.
Click on the "Create New Input" button on the upper right of the Inputs page.
Fill in the information as requested on the Add vulndb input window:
Name - The name of the input you wish to create. Ie; vulndb_input
Interval - The time interval in seconds between API requests to load data into
Splunk (3600 = Every hour, 86400 = Once per day)
Index - The Splunk index that you want to ingest the vulnerability events
into
API URL - The URL to access the VulnDB API (the default should work, but
this might change at some point)
API Key - The VulnDB consumer key assigned from Vuln DB. You can get this
from your Vuln DB account:
https://vulndb.cyberriskanalytics.com/users/sign_in
API Secret - The VulnDB consumer secret assigned from Vuln DB. You can get
this from your account as well (see link above)
Start date - The starting date that you want to use to gather vulnerability
information from. The API will return results that have
vulnerabilities that were modified on or after this date.
Page size - The number of VulnDB results that the API should return in a
single request. The maximum is 300. This means if there are
800 new vulnerabilities updated since the last run, and your
page size is set to 300, the app will make 3 total API requests to
the VulnDB API.
Reset Input- If for some reason, you need to re-ingest vulnerability information
from the start date, you will have to check this box off in order
to do so. The app remembers the most recent date stamp, and by
default will ignore the start date after the first run.

There are additional options available, which are documented in the VulnDB
API reference manuals.

When you are finished selecting all of your desired options, you can click on
the "Add" button to add the input. The input will start to contact the Vuln
DB API immediately. The first time the input runs, it may take a long period
of time to see results in Splunk. Depedning upon your start date, the input
will be trying to retrieve 1000's or more vulnerability details. Please
be patient, as the process takes time. You can view activity in Splunk using
a search:
index=_internal source=*ta_vuln_db_vulndb.log

This will search the Vuln DB application log file for events. Depending upon
the logging level selected, you will see various details about the input
activity.

===============================================================================
|| END ||
===============================================================================

Release Notes

Version 1.2.0
April 23, 2019

Added feature to filter data using CVSSv2 score

Version 1.1.0
Nov. 15, 2018

Added proxy support
Resolved truncation issue for long events
Improved data collection logic

Version 1.0.3
Oct. 16, 2018

Added validation for Splunk's generic UI outside of the app.

Version 1.0.2
Sept. 28, 2018

Fixed Splunk Appcert issues, separated main app and add-on.

Version 1.0.1
July 13, 2018

Minor bug fixes

Version 1.0.0
May 22, 2018

31
Installs
410
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2019 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.