SMT Endpoint Compliance

SMT Endpoint Compliance is a Splunk security app that helps you score your IT landscape in order to drive compliance up and run risks down.

Included in the app are technology add-ons (TAs) that can be deployed to your Windows and Linux endpoints. These TAs contain (Power)Shell-codified versions of the CIS benchmarks for the versions of Linux and Windows that are most dominant now. Don't want to use the CIS benchmarks? No problem! The TA also contains a custom-built testrunner framework that efficiently executes hundreds of tests matching your security policy on each endpoint at a configurable interval and sends the results back to Splunk via the HTTP Event Collector (HEC). Because of this, a Universal Forwarder is optional: compliance data can also be retrieved from architectures for which Splunk has no Universal Forwarder available, or from endpoints where you can't install Universal Forwarders in the first place.

The app itself contains dashboards to help hunt down the most non-compliant endpoints and offers remediation options per failure. The general overview dashboard shows the overall compliance score across your entire landscape and all test suites. Drilling down gives more insight into specific test suites and eventually a specific endpoint and test. All tests come with rationalisations and remediation steps based on the specific reason a test failed. Do you think that certain tests are more important than others? Use the built-in risk framework to weight certain tests higher than others, or use it to disable the scoring of certain tests if you consider them an accepted risk.

Use SEC as:
- a CISO to see if your security policy standards are met and if you are on track to meet compliance goals in the future.
- an IT Auditor to quickly validate company compliance standards in real-time, easy-to-use dashboards.
- a SOC analyst to spot mutations in risk scores for suspicious endpoints during security investigations.
- a SecOps engineer to constantly improve the compliance score and drive down risk in the most efficient way possible.

The app contains detailed installation instructions. We can provide installation support tailored to your needs.

This app consists of:
- Technology Addon for Universal Forwarders (TA)
- Technology Addon for Indexers (TA)
- Supporting Addon for search head(s) (SA)

If you run a distributed environment, the UF TAs should be deployed to the Universal Forwarders, preferably via the deployment server. The indexer TAs can be installed on the indexers by hand, or via a cluster master or a deployment server. The supporting add-ons should go on the search heads, either manually or via the deployer if you run a search head cluster (SHC).

The UF TAs on your endpoints execute the actual test suites and forward their results via the testrunner framework, in a HEC-compatible format, to a Splunk HEC endpoint. The indexer TAs include a sample configuration for such an endpoint. If you already have infrastructure for a HEC endpoint, you can configure the testrunner to use that instead.

If you want to monitor endpoints that don't (or can't) run a Universal Forwarder, you can deploy the UF TAs via other means such as Ansible or Puppet. By executing the testrunner binary via something like cron, the test suites will be executed and the results will still be sent to the HEC endpoint, even though there's no UF installed.

The testrunner framework is open and will execute any test suite that you deploy alongside the UF TAs, so it's easy to expand the existing test suites and even add completely new ones. Although this app is meant for endpoint compliance, it's easy to expand the scope to things such as ITSI metrics and other business data.
