Downloading BotRx ProTx for Splunk
SHA256 checksum (botrx-protx-for-splunk_101.tgz): 248e3bb39ef5cd1d48625f46a233261b56b48091e851d8ee18e26f8a8f8149ca
SHA256 checksum (botrx-protx-for-splunk_100.tgz): 6db4f3741f7e01ad18fba9438ab391972ef7513aad271fc6db09b89ecf8e906e

BotRx ProTx for Splunk

Splunk AppInspect Passed

Overview

BotRx ProTx for Splunk helps BotRx ProTx customers integrate their ProTx appliances with Splunk. It provides two source types, chosen according to deployment needs, and a dashboard that shows threat events detected by ProTx.

Supported Splunk Versions

7.0.0 and above

Platform requirement

Platform Independent

Source types

This app contains predefined source types that Splunk Enterprise uses to ingest incoming events and categorize these events for search.
The source types are based on the data sources that the app ingests.
Many of the source types support data models in the Common Information Model.
Source type | Collection method
--- | ---
botrx:protx:syslog | UDP/TCP/file over syslog protocol
botrx:protx:json | HTTP/HTTPS/file without syslog header

Installation

This app should be installed on the indexers and search heads.

Configuration

  1. Configure your BotRx ProTx servers to send data to the syslog server or the Splunk indexer.
  2. Follow the steps that match how the ProTx servers send data to the Splunk system:
  3. If the ProTx servers send data directly to the Splunk indexer, configure the TCP/UDP inputs and set botrx:protx:syslog as the source type.
  4. If the ProTx servers send data to a syslog server and a Universal Forwarder (UF) forwards it into the Splunk system, follow these steps:
    a. Configure the syslog server to filter by PROGRAM and store the MSG in a file.
    b. Configure the UF to monitor the file and set botrx:protx:json as the source type.
  5. If the ProTx servers send data to a syslog server and it reaches the Splunk system through the HTTP Event Collector (HEC), follow these steps:
    a. Create an HEC token on Splunk.
    b. Configure the syslog server to filter by PROGRAM, set botrx:protx:json as the source type and MSG as the event body, then send the events to the Splunk system.
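
The Splunk side of steps 3, 4b and 5a can be expressed as inputs.conf stanzas. This is an added example, not configuration shipped with the app; the ports, the file path, the HEC stanza name and the token value are placeholders to replace with your own.

```ini
# inputs.conf -- added example, not part of the BotRx ProTx app.
# Ports, path, stanza name and token below are placeholders (assumptions).

# Step 3: ProTx sends syslog directly to the indexer.
# Events arrive with the syslog header, so use the syslog source type.
[tcp://5514]
sourcetype = botrx:protx:syslog
connection_host = ip

[udp://5514]
sourcetype = botrx:protx:syslog
connection_host = ip

# Step 4b: on the Universal Forwarder, monitor the file where the
# syslog server stores the bare MSG (no syslog header).
[monitor:///var/log/botrx/protx.json]
sourcetype = botrx:protx:json
disabled = 0

# Step 5a: enable the HTTP Event Collector and define a token for ProTx.
[http]
disabled = 0

[http://botrx_protx]
token = <HEC-TOKEN-GUID>
sourcetype = botrx:protx:json
disabled = 0
```

Each path uses the source type that matches what actually reaches Splunk: botrx:protx:syslog when the syslog header is still present, botrx:protx:json when only the MSG body is delivered.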

Resources and Support

Questions and feature requests (BotRx ProTx app specific): supportservice1@botrx.com

Release Notes

Version 1.0.1
Feb. 25, 2020

Initial release of BotRx Protx for Splunk.
Fix: Remove local.meta

Version 1.0.0
Feb. 25, 2020

First Release of BotRx Protx for Splunk

Installs: 1
Downloads: 8

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
