icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading VulDB Vulnerability Intelligence
SHA256 checksum (vuldb-vulnerability-intelligence_310.tgz) 7fbf56b1fe6b68856388baa440d5958d37d2f8089310208d66f8656b7bc3e41c SHA256 checksum (vuldb-vulnerability-intelligence_300.tgz) db9c88dd8a413fc7675b75ae5ca18d5c06143b43433a97cece1fd8272c3b5547 SHA256 checksum (vuldb-vulnerability-intelligence_201.tgz) d4e617a60b3b93eb26cea599e5b56917a821a25a0d6966047a728f789d4f346c SHA256 checksum (vuldb-vulnerability-intelligence_200.tgz) 3f3c36cb73631aa4406dd862045bf4cc5905bdcf894791cc42f68547d6bc8377 SHA256 checksum (vuldb-vulnerability-intelligence_101.tgz) f41870200b93f149d9e33d92c282af1d8f8ab53ce0b6396f60dbe4c0784a87db
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

VulDB Vulnerability Intelligence

Splunk AppInspect Passed
Overview
Details
VulDB is the number one vulnerability database documenting and explaining security vulnerabilities and exploits since 1970. The VulDB app for Splunk integrates vulnerability data from VulDB into Splunk to enhance vulnerability management and threat intelligence.

You need to link the Splunk app to your VulDB account to use the API credits to fetch the data. The amount of available API credits is defined by the license of your account (free, commercial or enterprise). You are able to purchase more API credits at https://vuldb.com/?pay

More information about our Splunk app is available at https://vuldb.com/?doc.splunk

The Splunk App for VulDB integrates vulnerability intelligence from VulDB into Splunk. The app communicates with VulDB by using its API and requires a valid API key as well as sufficient API credits.

Setup

Installation

  • Log in to Splunk with an administrative account
  • Click on the gear icon (Manage Apps)
  • On the next screen, click on the button labeled Install app from file
  • Click on the button Browse... and browse to the location of the the VulDB Splunk App file (VulDB-Splunk-App.tar.gz), then select that file and click Open in the file browser dialogue. Now the name of the file appears next to the button Browse....
  • Check the checkbox Upgrade app to upgrade any older versions of the app should they exist
  • Click the button labeled Upload

Initial Configuration

Before configuring the VulDB Splunk App for the first time, make sure that you have a valid API key and a sufficient amount of API credits. If in doubt, log in to your VulDB account and check your profile

The VulDB Splunk App defines a new modular input type that is used for retrieving data from VulDB. Navigate to the menu Settings / Data inputs and click on + Add new.

Note: if the app has been configured previously, this step is typically not required as the required configuration should already be present.

Give the new modular input a name, for example VulDB-datasrc and insert your API key into the field "VulDB API key". Optionally, you can specify a proxy server for outgoing connections, i.e. connections to https://vuldb.com from your Splunk server. You can also choose the language for the data fetched from VulDB, the choices are (actual setting in parentheses):

  • English (en)
  • German (de)
  • Spanish (es)
  • French (fr)
  • Italian (it)
  • Polish (pl)
  • Swedish (sv)

Clicking on Next which will save your configuration and download an initial chunk of data from the VulDB (see below).

The VulDB Splunk App downloads data from https://vuldb.com in chunks of 100 database entries and it checks for new data once per hour. Upon initial data download (i.e. no data has been downloaded previously or data is older than one month), the App attempts to download all data from VulDB that is newer than one month.

Note: this will consume roughly 1'000 API credits (or more), depending on your choice of fetching details and on the amount of vulnerabilities in VulDB for that period.

Usage

When you access the Splunk App, you are presented with an overview dashboard. This dashboard shows some statistics and visualizations of the VulDB data present in your Splunk instance. All visualizations in the overview have drilldowns defined, i.e. clicking on the numbers or graph elements will open a new window containing relevant data and details.

Dashboards

Some predefined dashboards are included with the app. They can be accessed through the menu Dashboards in the menu bar.

You can always add your own dashboards or alter the existing ones. If you choose to change any of the predefined dashboards be aware that this may lead to non-functioning drilldowns in other dashboards.

Reports and Saved Queries

Currently, only one saved search is included with the VulDB app - it will show the VulDB log entries. Feel free to add your own searches as you see fit.

Custom Searches

The VulDB app creates Splunk entries with a sourcetype of VulDB. Therefore you can use sourcetype=VulDB to restrict Splunk searches to VulDB data.

Logging

The VulDB Splunk App logs events to the splunk logs. A saved search is included in the VulDB app that allows you to retrieve the VulDB App logs, please click on the Reports menu access the saved search.

Changing the Splunk App Configuration

The configuration of the VulDB data source (modular input) can be changed. Click on Settings / Data inputs / VulDB, which will show the previously defined input (or an empty list if you haven't defined the input yet). Clicking on the name of the input allows you to change its parameters.

Updating the App

For instructions on how to update Splunk apps, please refer to the official Splunk documentation

Deleting the App

For instructions on how to disable or delete Splunk apps please refer to the official Splunk documentation

Bear in mind that deleting the app will remove the defined modular input but will not remove the VulDB data already present in your Splunk instance.

Help and Support

Please check the documentation or contact the support team if you have any questions.

Release Notes

Version 3.1.0
June 6, 2019

Use the storage passwords facility to store the API key

Version 3.0.0
March 21, 2019

New feature to retrieve updates for vulnerabilities

Version 2.0.1
Feb. 11, 2019

Stability improvements

Version 2.0.0
Feb. 11, 2019

New and improved dashboards
User interface improvements
0day exploit prices

Version 1.0.1
Oct. 18, 2018

Possibility to define the time-range to fetch earlier entries at the initial startup

58
Installs
401
Downloads
Share Subscribe LOGIN TO DOWNLOAD

Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2019 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.