icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Log4Shell Vulnerability: Information and guidance for you. Get resources.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Add-on for VMRay Platform
SHA256 checksum (add-on-for-vmray-platform_211.tgz) b14760fa3c3ad5c9717da3ceba0550fdda4d298c380d2a175d66d5c2140b4fdf SHA256 checksum (add-on-for-vmray-platform_210.tgz) bbe48d6c4c5067ebcc6b37e0526cddd1a48b6d2c52e0d23c0c6a5e458bcbb7b2 SHA256 checksum (add-on-for-vmray-platform_200.tgz) 589a836fe2bd7971050c1e7c53417708ddd1fd7874e96d782a269bfc35d31ad8
To install your download
To install apps and add-ons from within Splunk Enterprise
  1. Log into Splunk Enterprise.
  2. On the Apps menu, click Manage Apps.
  3. Click Install app from file.
  4. In the Upload app window, click Choose File.
  5. Locate the .tar.gz file you just downloaded, and then click Open or Choose.
  6. Click Upload.
  7. Click Restart Splunk, and then confirm that you want to restart.
To install apps and add-ons directly into Splunk Enterprise
  1. Put the downloaded file in the $SPLUNK_HOME/etc/apps directory.
  2. Untar and ungzip your app or add-on, using a tool like tar -xvf (on *nix) or WinZip (on Windows).
  3. Restart Splunk.
After you install a Splunk app, you will find it on Splunk Home. If you have questions or need more information, see Manage app and add-on objects.

Flag As Inappropriate

splunk

Add-on for VMRay Platform

Splunk Cloud
Overview
The VMRay Platform’s advanced threat detection and analysis is based on our best-of-breed sandbox technology, which underlies our market-leading Dynamic Analysis. The Platform also features superior static file analysis as well as handy reputation lookup for files and URLs.

The Splunk Enterprise Add-on for the VMRay Platform enables users to import valuable file and URL analysis results generated by the VMRay Platform into Splunk, thereby helping you to aggregate threat intelligence in a single location. The Add-on enables you to automatically import verdicts, VMRay Threat Identifier (VTI) scores, IOCs, YARA rule matches, file hashes and more. It also allows you to automatically export hashes of malicious files into Threat Intel within Splunk Enterprise Security.

Optionally, you can easily submit files and URLs to the VMRay Platform from within Splunk, using the pre-configured Actions (included as part of the Add-on) which are integrated into Splunk’s Adaptive Response framework. And of course, once generated, these analysis results can be imported into Splunk too, which enables you to further consolidate your threat intelligence within Splunk.

Release Notes

Version 2.1.1
Dec. 10, 2021
  • Added support for multivalue fields in the "Query by Hash" and "Submit URL" alert actions
  • Raised the default limit to 10 when invoking the alert actions on queries with multiple results
Version 2.1.0
Oct. 28, 2021

New Features:

  • API keys are now stored encrypted using Splunk's storage/passwords REST API endpoint.
  • HTTPS communication is now enforced if Add-on is installed on Splunk Cloud.

This Add-on version works with the following VMRay Platform versions: 4.0 and up.

Version 2.0.0
May 27, 2021

This new Splunk Enterprise Add-on for the VMRay Platform replaces the legacy VMRay Analyzer Add-on.

New features:
Analysis Report Data, including VTIs and IOCs, is now parsed from the latest Summary.json v2.
A new event structure and format for optimal processing is now provided.

This new Add-on works with the following VMRay Platform versions: 4.0, 4.1, 4.2.

Note: The new event structure is not compatible with the legacy Add-on, so both versions should be installed at the same time, to ensure a smooth transition to the new Add-on.


Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.