
SHA256 checksums:
mantisnet-network-stream-processor-app-for-splunk_101.tgz 2bbcfd83523e4e2109fbb39da9c8d2d47a5585b666a2f9ff6c5a7624d62fb04e
mantisnet-network-stream-processor-app-for-splunk_100.tgz f3befb34d247af3f37c68594906af6b000ffa365cd2d0eff046c298f2253c725

MantisNet Network Stream Processor App for Splunk

Splunk AppInspect Passed
The MantisNet Network Stream Processor (NSP) App for Splunk is an analytics solution, with integrated TA, that ingests streaming network traffic protocol metadata from MantisNet network sensor(s). Customers can continuously stream and monitor network activity to analyze in real-time.

This Community Version of the MantisNet NSP App includes a 60-day trial of MantisNet PPE network sensors and contains dozens of reports and visualizations for observing DNS traffic on your network. The streaming DNS traffic metadata feeds NOC/SOC reports, alert systems and AI/ML models, and can be integrated with response-action workflows/playbooks that react to anomalies in your network. Additional network protocols (HTTP/S, DHCP, GTP, etc.) are available in the Premium Version of the MantisNet NSP App.

Using the MantisNet NSP App for Splunk together with MantisNet Programmable Packet Engine (PPE) sensors, network traffic protocols are continuously collected, processed and streamed into Splunk as efficient, reliable, serialized metadata. This enriches and enables SIEM analysis, NPM, NDR/NTA and MDR, feeds AI/ML models, and triggers alerting and orchestrated response.

Community Version of the NSP App Install and the PPE sensor 60-day trial activation:
A. Download the NSP App for Splunk
B. Deploy the PPE DNS sensor trial:
- Place a vTAP
- Activate the containerized MantisNet PPE for DNS
- Point to the Kafka feed (or configure for HTTP Event Collector or TCP input options)
Contact us at support@mantisnet.com with any issues.

The MantisNet NSP App in conjunction with MantisNet network sensors:
• Built to stream network protocol metadata via Kafka for optimized and efficient ingestion. TCP, JSON or HTTP Event Collector ingestion is also available within the App.
• Continuously inspects and filters network traffic by protocol at the network sensor.
• Ingests high-resolution streaming metadata for any protocol, at any network speed, from anywhere within the compute, network or cloud infrastructure. High-resolution metadata gives more accurate, reliable and granular insight into “network conversations” and characteristics such as client/server (host) validations, authentications and interactions, handshakes, etc. (available for inspection in the Splunk index should you opt to index the data).
• Controls the in-memory processes for parsing, inspection and filtering within the MantisNet PPE sensors, with additional processing capabilities (packet capture, RegEx and Entropy engines) to further inspect and transform live network data.

Mantisnet App Community Version v1.0.1

January 2020
Developed by BaboonBones, Ltd. ( www.baboonbones.com ) for Mantisnet ( www.mantisnet.com )

Overview

Community edition App for monitoring data received from Mantisnet network sensors

Mandatory Dependencies

Splunk 7.0+
Supported on all Splunk platforms
Java Runtime 1.8+

Setup

When you first install the App you will be redirected to the App's setup page.

Upon saving the setup screen, the Kafka inputs will automatically enable and start polling for data, but only if the Splunk instance's server role is Indexer or Forwarder.

If you have opted to use TCP or HTTP Event Collector instead for receiving your probe data, then the Kafka inputs will not be enabled.

Any scripted inputs used for lookup data will also enable automatically.

Check that the data is being received by browsing to the Indexed Data -> Data Sources dashboard.

The setup page can be browsed to at any time for configuration edits via the App's navigation menu.

Data Sources

Kafka

The default and preferred means to get data into the App is via Kafka. The default Kafka configuration and what you specify on the setup page should be satisfactory. However if you need to customise any settings then you can browse to Data Inputs -> Kafka Topics via the App's navigation menu.

All of the Kafka stanzas run multithreaded in a single JVM process.

If you need to scale Kafka consumer polling, you can simply clone an existing Kafka stanza. Each stanza will then run as an individual thread.

The main constraint to be aware of with adding more stanzas/threads is the amount of JVM heap memory that you have allocated.

In mantisnet_app/bin/mantisnet_kafka.py this is set to a maximum of 512 MB (line 99), but you can increase this if you need to.

If running multiple threads in a single JVM instance is still not achieving the desired data collection scale, then you can deploy (n) Mantisnet Apps horizontally across (n) Splunk Heavy Forwarders that all run in parallel and forward the collected data into your Splunk Index Cluster. In essence, by utilising Splunk distributed architectures in this fashion, your scale is only limited by your ability to push out more Heavy Forwarders.

HTTP Event Collector

Via the App's navigation menu, browse to Data Inputs -> HTTP Event Collector to set up your data input.

Be sure to specify the correct sourcetype listed below for the probe data being sent to Splunk.

Also, select the index that you specified in the App setup screen.

Raw TCP

Via the App's navigation menu, browse to Data Inputs -> TCP to set up your data input.

Be sure to specify the correct sourcetype listed below for the probe data being sent to Splunk.

Also, select the index that you specified in the App setup screen.

Release Notes

Version 1.0.1
Feb. 26, 2020

Updated version. This release includes DNS traffic monitoring reports and visualizations:

• Domain name to IP address resolution
• IP to Domain Name(s) Resolution
• IP address to Domain names
• Domain to Domain names (wildcard left)
• Domain to nameservers
• Nameservers to domain names
• Hostname wildcards
• DNS Server Geolocation
• Public DNS Server Usage
• DNS Queries
• Suspicious DNS Activity
• Malicious Domain Usage
• Packet size and volume distribution
• Measure beaconing domains activity
• Count of hosts communicating with beacon
• Domains with high count of subdomains
• DNS traffic on port 53 by protocol
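As an added illustration of what two of the reports above compute (not the App's own code, and not its sourcetype field layout): given constructed DNS metadata records of (timestamp, client IP, queried name), the functions below derive "Domains with high count of subdomains" and "Measure beaconing domains activity" with its "Count of hosts communicating with beacon". The registered-domain helper is a deliberate simplification that takes the last two labels rather than consulting a public-suffix list.

```python
"""Two DNS reports computed over constructed sample metadata.
Field layout (timestamp seconds, client IP, queried name) is assumed."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: one client querying a steady stream of
# random-looking subdomains every 60 s, plus ordinary browsing traffic.
SAMPLE_QUERIES = [
    (0, "10.0.0.5", "a1b2c3.evil.example"),
    (60, "10.0.0.5", "d4e5f6.evil.example"),
    (120, "10.0.0.5", "0f9e8d.evil.example"),
    (180, "10.0.0.5", "7c6b5a.evil.example"),
    (240, "10.0.0.9", "4a3b2c.evil.example"),
    (300, "10.0.0.5", "1e2d3c.evil.example"),
    (5, "10.0.0.7", "www.example.org"),
    (900, "10.0.0.7", "mail.example.org"),
    (2000, "10.0.0.7", "www.example.org"),
]

def registered_domain(name):
    """Last two labels, e.g. 'x.y.evil.example' -> 'evil.example'.
    Simplification: no public-suffix list is consulted."""
    labels = name.rstrip(".").split(".")
    return ".".join(labels[-2:])

def subdomain_counts(queries):
    """Report: number of distinct names seen under each registered domain."""
    subs = defaultdict(set)
    for _, _, name in queries:
        subs[registered_domain(name)].add(name)
    return {d: len(s) for d, s in subs.items()}

def beaconing_domains(queries, min_queries=4, max_cv=0.2):
    """Report: domains queried at near-regular intervals (low coefficient
    of variation of the gaps) with the count of hosts talking to them."""
    stamps_by_domain = defaultdict(list)
    hosts_by_domain = defaultdict(set)
    for ts, client, name in queries:
        d = registered_domain(name)
        stamps_by_domain[d].append(ts)
        hosts_by_domain[d].add(client)
    result = {}
    for d, stamps in stamps_by_domain.items():
        stamps.sort()
        if len(stamps) < min_queries:
            continue  # too few queries to judge regularity
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        cv = pstdev(gaps) / mean(gaps) if mean(gaps) else 0.0
        if cv <= max_cv:
            result[d] = {"interval": mean(gaps), "hosts": len(hosts_by_domain[d])}
    return result
```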

Version 1.0.0
Feb. 25, 2020

This release includes DNS traffic monitoring reports and visualizations:

• Domain name to IP address resolution
• IP to Domain Name(s) Resolution
• IP address to Domain names
• Domain to Domain names (wildcard left)
• Domain to nameservers
• Nameservers to domain names
• Hostname wildcards
• DNS Server Geolocation
• Public DNS Server Usage
• DNS Queries
• Suspicious DNS Activity
• Malicious Domain Usage
• Packet size and volume distribution
• Measure beaconing domains activity
• Count of hosts communicating with beacon
• Domains with high count of subdomains
• DNS traffic on port 53 by protocol
