Downloading Armis Add-On for Splunk
SHA256 checksum (armis-add-on-for-splunk_100.tgz) 97c1acaa9526f30cdc4cee9bf299e36888eba70ace8a9ceb96c674689ab3d945

Armis Add-On for Splunk

Splunk AppInspect Passed
Armis is the first agentless, enterprise-class security platform to address the new threat landscape of unmanaged and IoT devices. Fortune 1000 companies trust our unique out-of-band sensing technology to discover and analyze all managed, unmanaged, and IoT devices—from traditional devices like laptops and smartphones to new unmanaged smart devices like smart TVs, webcams, printers, HVAC systems, industrial robots, medical devices and more. Armis discovers devices on and off the network, continuously analyzes endpoint behavior to identify risks and attacks, and protects critical information and systems by identifying suspicious or malicious devices and quarantining them.

Table of Contents

OVERVIEW

  • About the TA for Armis
  • Release notes
  • Support and resources

INSTALLATION AND CONFIGURATION

  • Prerequisites
  • Deployment Considerations
  • Installation steps

About the TA for Armis

  • Author: Armis
  • App Version: 1.0.0
  • Vendor Products: Armis Security

Release Notes

v1.0.0

Released on 2/5/2020

Notes:

  • Initial Version

Support and Resources

For any support issues with this product, please contact support@armis.com.

Installation and Configuration

Prerequisites

Before installing this TA, you must have the following information from your Armis instance:

  • Armis Hostname
  • API Secret Key
  • A SIEM Integration configured in the Armis Console. For the host, use the Splunk server that will be ingesting the data (Heavy Forwarder or Input Data Manager). You can pick any open port on that machine; you will configure the same port on the Splunk server in the installation steps.

Deployment Considerations

This app should be installed on the Heavy Forwarder or Input Data Manager as well as all of the indexers and search heads.

Installation Steps

After installing the app on your Splunk instance:

  1. Go to Settings -> Data Inputs
  2. Click on "+Add New" next to "TCP"
  3. Type in the port that you configured in the Armis SIEM Integration and click Next.
  4. Under sourcetype click New and type "armis:alert" into the text box. Under index, pick the index from the dropdown that you want the Armis data to go into. Click Review.
  5. Verify that the settings are correct and click Submit.
  6. Go to Settings -> Data Inputs
  7. Click on "+Add New" next to "Armis Alert Enrichment"
  8. On the next screen, name your input, enter the index you specified above, and enter your Armis hostname and API key.
  9. Click More Settings and verify your interval and index settings are appropriate for your deployment.
  10. Click Next and your Data Input will be configured.
  11. Go to Settings -> Data Inputs
  12. Click on "+Add New" next to "Armis Devices"
  13. On the next screen, name your input, and enter your Armis hostname and API key.
  14. Fill in the number of days to search back for devices in Armis. The recommended value is 7.
  15. Click More Settings and verify your interval and index settings are appropriate for your deployment. For interval, the recommended value is 86400 (once daily).
  16. Click Next and your Data Input will be configured. You should see your lookups start being generated the following morning and you can run the saved search (ARMIS - Asset Lookup Gen) manually if you want to generate the lookup sooner.
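
The TCP input from steps 1-5 expressed as an inputs.conf stanza, with the listener restricted to the Armis sender. This is an added example, not part of the Armis documentation; the port 5514, the index name armis and the address 192.0.2.10 are constructed placeholders for your own values.

```ini
# inputs.conf on the Heavy Forwarder or Input Data Manager that receives
# the Armis SIEM Integration feed.
# Constructed placeholders: port 5514, index "armis", sender 192.0.2.10.

# Equivalent of what steps 1-5 create in the UI. A raw TCP input like this
# accepts data from any host that can reach the port, so anything on the
# network could write events into the armis:alert sourcetype.
#
# [tcp://5514]
# sourcetype = armis:alert
# index = armis

# Same input, limited to the address the Armis SIEM Integration sends from.
[tcp://5514]
sourcetype = armis:alert
index = armis
# Record the sender's IP as the host field instead of a reverse-DNS name,
# so the origin of each event can be checked at search time.
connection_host = ip
# Network ACL: only this address may connect; all others are refused.
acceptFrom = 192.0.2.10
```

Pair the ACL with a host firewall rule for the same port and source address, and restart or reload Splunk inputs after editing the file.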

Release Notes

Version 1.0.0
Feb. 6, 2020
