Install the add-on on:
- Search Heads - The add-on contains search-time extractions
- Indexers - Needed for index-time operations if the syslog flow is targeting these instances
- Heavy Forwarders - Needed for index-time operations if the syslog flow is targeting these instances
NOTE: It's recommended to use a separate and dedicated syslog solution (e.g. rsyslog, syslog-ng, etc.)
- Configure a new UDP port (e.g. 514) pointing to the new index using the "kaspersky:leef" sourcetype
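The following local configuration is an added illustration of the input setup described above; it is not the add-on's own configuration and its stanzas may differ from what the add-on ships. The index name `kaspersky_leef`, the port 514, the monitor path `/var/log/syslog/kaspersky` and the `TZ = UTC` override are assumptions chosen for the example; only the sourcetype `kaspersky:leef` comes from the page.

```ini
# $SPLUNK_HOME/etc/apps/<your_local_app>/local/indexes.conf
# Dedicated index so LEEF events can be retained and access-controlled separately
# (index name is an assumption for this example).
[kaspersky_leef]
homePath   = $SPLUNK_DB/kaspersky_leef/db
coldPath   = $SPLUNK_DB/kaspersky_leef/colddb
thawedPath = $SPLUNK_DB/kaspersky_leef/thaweddb

# $SPLUNK_HOME/etc/apps/<your_local_app>/local/inputs.conf
# Option A: direct UDP listener on the indexer / heavy forwarder (the port
# the page uses as its example). UDP is unauthenticated and lossy, so prefer
# option B where a dedicated syslog server is available.
[udp://514]
index = kaspersky_leef
sourcetype = kaspersky:leef
# Record the sender IP as host rather than doing reverse DNS per packet
connection_host = ip
# Do not let Splunk prepend its own receive timestamp to each datagram;
# the LEEF header carries the event time
no_appending_timestamp = true

# Option B: rsyslog / syslog-ng writes the LEEF stream to disk and a
# forwarder monitors that directory (path is an assumption for this example).
[monitor:///var/log/syslog/kaspersky]
index = kaspersky_leef
sourcetype = kaspersky:leef
disabled = true

# $SPLUNK_HOME/etc/apps/<your_local_app>/local/props.conf
# Index-time override that belongs on whichever tier parses the data
# (indexer or heavy forwarder). The LEEF timestamp is emitted in UTC, so
# pin the timezone instead of relying on the system default (assumption:
# the add-on's shipped props.conf may already set this for the sourcetype).
[kaspersky:leef]
TZ = UTC
```

After enabling the input, a quick check that time parsing is correct is to search `index=kaspersky_leef sourcetype=kaspersky:leef | eval lag=_indextime-_time | stats min(lag) max(lag)`: a persistent offset close to a whole number of hours, or a negative minimum (events timestamped in the future), indicates the timezone is still being misdetected.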
You can file bug reports on our GitHub issue tracker and they will be addressed as soon as possible.
Support is a volunteer effort and there is no guaranteed response time.
- App compatibility changed to start from 7.1.0 due to the app.manifest version and Splunk Cloud compatibility
- Improved CIM Change datamodel coverage
- Improved CIM Malware datamodel coverage
- Added missing extractions of signature field for several sourcetypes
- Fixed an issue with event timezone detection
LEEF format outputs timestamps in UTC and Splunk was detecting them as the system default, resulting in events in the future for systems in GMT- and in the past for systems in GMT+
- Small fixes
- Improvements to some extractions