Latest Version 1.0.0
March 1, 2019
Welcome to the new Splunkbase! To return to the old Splunkbase, click here.
This app is archived. App archiving documentation
add-on for osquery
Provides a data input and CIM-compliant field extractions for osquery (https://github.com/facebook/osquery). "Osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Available for Linux, macOS, Windows and FreeBSD."
Built by
Compatibility
Splunk Enterprise
Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0
CIM Version: 4.x
Rating
0
(0)
Log in to rate this app
Support
Not Supported
Provides a data input and CIM-compliant field extractions for osquery (https://github.com/facebook/osquery). "Osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Available for Linux, macOS, Windows and FreeBSD."
For the latest version of this TA, see: https://github.com/splunk/TA-osquery
Categories
DevOps, Security, Fraud & Compliance
Created By
Jose Hernandez
Type
addon
Downloads
1,692
Licensing
Apache 2.0(Opens new window)Splunk Answers
Ask a question about this app listing(Opens new window)Resources
Log in to report this app listing