The Splunk App for VulDB integrates vulnerability intelligence from VulDB into Splunk. The app communicates with VulDB by using its API and requires a valid API key as well as sufficient API credits.
Before configuring the VulDB Splunk App for the first time, make sure that you have a valid API key and a sufficient amount of API credits. If in doubt, log in to your VulDB account and check your profile
The VulDB Splunk App defines a new modular input type that is used for retrieving data from VulDB. Navigate to the menu Settings / Data inputs and click on + Add new.
Note: if the app has been configured previously, this step is typically not required as the required configuration should already be present.
Give the new modular input a name, for example VulDB-datasrc and insert your API key into the field "VulDB API key". Optionally, you can specify a proxy server for outgoing connections, i.e. connections to https://vuldb.com from your Splunk server. You can also choose the language for the data fetched from VulDB, the choices are (actual setting in parentheses):
Clicking on Next which will save your configuration and download an initial chunk of data from the VulDB (see below).
The VulDB Splunk App downloads data from https://vuldb.com in chunks of 100 database entries and it checks for new data once per hour. Upon initial data download (i.e. no data has been downloaded previously or data is older than one month), the App attempts to download all data from VulDB that is newer than one month.
Note: this will consume roughly 1'000 API credits (or more), depending on your choice of fetching details and on the amount of vulnerabilities in VulDB for that period.
When you access the Splunk App, you are presented with an overview dashboard. This dashboard shows some statistics and visualizations of the VulDB data present in your Splunk instance. All visualizations in the overview have drilldowns defined, i.e. clicking on the numbers or graph elements will open a new window containing relevant data and details.
Some predefined dashboards are included with the app. They can be accessed through the menu Dashboards in the menu bar.
You can always add your own dashboards or alter the existing ones. If you choose to change any of the predefined dashboards be aware that this may lead to non-functioning drilldowns in other dashboards.
Currently, only one saved search is included with the VulDB app - it will show the VulDB log entries. Feel free to add your own searches as you see fit.
The VulDB app creates Splunk entries with a sourcetype of VulDB. Therefore you can use
sourcetype=VulDB to restrict Splunk searches to VulDB data.
The VulDB Splunk App logs events to the splunk logs. A saved search is included in the VulDB app that allows you to retrieve the VulDB App logs, please click on the Reports menu access the saved search.
The configuration of the VulDB data source (modular input) can be changed. Click on Settings / Data inputs / VulDB, which will show the previously defined input (or an empty list if you haven't defined the input yet). Clicking on the name of the input allows you to change its parameters.
For instructions on how to update Splunk apps, please refer to the official Splunk documentation
For instructions on how to disable or delete Splunk apps please refer to the official Splunk documentation
Bear in mind that deleting the app will remove the defined modular input but will not remove the VulDB data already present in your Splunk instance.
Please check the documentation or contact the support team if you have any questions.
Use the storage passwords facility to store the API key
New feature to retrieve updates for vulnerabilities
New and improved dashboards
User interface improvements
0day exploit prices
Possibility to define the time-range to fetch earlier entries at the initial startup
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 50GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.