The code custom command encodes and decodes fields in Splunk results and writes the output to a destination field. This is particularly useful when attackers hide their data (via base64 encoding, for example): the fields can be decoded on the fly within SPL, without needing to export the data.

The following methods are currently supported:

- base64, base32, base85
- ROT
- XOR
- Hex
- URL

While this app is not formally supported, the developer can be reached at tighesplunk.com (or in splunk-usergroups slack, @workape). Responses are made on a best effort basis. Feedback is always welcome and appreciated!

(if you use the User Group approach, include: Learn more about splunk-usergroups slack here: https://docs.splunk.com/Documentation/Community/current/community/Chat#Join_us_on_Slack)
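As an added illustration of decoding a field into a destination field with the methods listed above (this is not the app's code and does not show its SPL syntax), the Python below applies one or more decoding layers to constructed events. The function names, the hex input for XOR, the shift-as-key convention for ROT and the sample events are all assumptions.

```python
import base64
from urllib.parse import quote, unquote

def rot(text, shift):
    """Rotate ASCII letters by `shift` places; other characters pass through."""
    def turn(ch):
        if not (ch.isascii() and ch.isalpha()):
            return ch
        base = ord("A") if ch.isupper() else ord("a")
        return chr((ord(ch) - base + shift) % 26 + base)
    return "".join(turn(ch) for ch in text)

def xor(data, key):
    """Repeating-key XOR over bytes."""
    if not key:
        raise ValueError("xor needs a non-empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def _txt(raw):
    return raw.decode("utf-8", errors="replace")

# Assumptions: XOR input is hex text; ROT takes the shift as its key (default 13).
DECODERS = {
    "base64": lambda v, k: _txt(base64.b64decode(v, validate=True)),
    "base32": lambda v, k: _txt(base64.b32decode(v, casefold=True)),
    "base85": lambda v, k: _txt(base64.b85decode(v)),
    "hex": lambda v, k: _txt(bytes.fromhex(v)),
    "url": lambda v, k: unquote(v),
    "rot": lambda v, k: rot(v, -int(k or 13)),
    "xor": lambda v, k: _txt(xor(bytes.fromhex(v), (k or "").encode())),
}

def decode_field(event, src, dest, layers):
    """Copy `event`, decoding `src` through `layers` (outermost first) into `dest`."""
    out, value = dict(event), event.get(src)
    try:
        for method, key in layers:  # an unknown method name raises KeyError on purpose
            value = DECODERS[method](value, key)
    except (ValueError, TypeError, AttributeError):
        value = None  # missing field or undecodable value: keep the event, mark the gap
    out[dest] = value
    return out

# Constructed sample events (not real telemetry).
PLAIN = "user=alice;host=ws-042"
EVENTS = [
    {"uri_query": quote(base64.b64encode(PLAIN.encode()).decode(), safe="")},
    {"uri_query": xor(PLAIN.encode(), b"k3y").hex()},
    {"uri_query": "%%%not-base64%%%"},
]
```

Calling `decode_field(EVENTS[0], "uri_query", "decoded", [("url", None), ("base64", None)])` peels the URL layer and then the base64 layer; the third event shows that an undecodable value leaves the event intact with an empty destination field.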