OMICRON StationGuard for Splunk

For integrating StationGuard devices into a Splunk environment, OMICRON provides a preconfigured Splunk application, the OMICRON StationGuard for Splunk application (StationGuard app). This application can be used and installed on a Search Head or a single host installation of Splunk. It creates the proper Data Inputs, a SourceType and the Event types to be used for the StationGuard logs. The fields in the syslog events are parsed and utilized in the corresponding views. These fields are then mapped to the corresponding Splunk Common information model (CIM) for Intrusion Detection. To visualize data from StationGuard devices, a Dashboard is included in the StationGuard app.

Built by Christoph Rheinberger

Latest Version 2.3.0

September 19, 2024

Release notes

Compatibility

Not Available

Platform Version: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0

CIM Version: 5.x, 4.x

Rating

0

(0)

Log in to rate this app

Support

Developer Supported app

Learn more

Ranking

#42

in Network Security

For integrating StationGuard devices into a Splunk environment, OMICRON provides a preconfigured Splunk application, the OMICRON StationGuard for Splunk application (StationGuard app). This application can be used and installed on a Search Head or a single host installation of Splunk. It creates the proper Data Inputs, a SourceType and the Event types to be used for the StationGuard logs. The fields in the syslog events are parsed and utilized in the corresponding views. These fields are then mapped to the corresponding Splunk Common information model (CIM) for Intrusion Detection. To visualize data from StationGuard devices, a Dashboard is included in the StationGuard app.