Downloading SSH

  • SHA256 checksum (ssh_2311.tgz): 71b6761a2538a0549b0d64c0388761404a6d4854e54fa5d2a9e4d1cf0447e3a2
  • SHA256 checksum (ssh_2310.tgz): 80491b30b866060c5a782d9bd988baac70adee9c4049e85b1b88478904886cc9
  • SHA256 checksum (ssh_235.tgz): 3881f63637cf4a753d7e61bd22a07f9f99b6dc25e43371617a99c2b6dfb01cf8
  • SHA256 checksum (ssh_224.tgz): 1ed10fe79c20d29e5d6e5c165e2f19db9ba545b50ea0d888b76550b46fbd62ad

soar

SSH

Splunk SOAR Cloud
Splunk Built
Overview
This app supports executing various endpoint-based investigative and containment actions on an SSH endpoint.

Supported Actions Version 2.3.11

  • test connectivity: Validates endpoint connection
  • execute program: Executes a program on the remote machine
  • list connections: Lists all the network connections. Requires root privileges. Requires netstat to be installed
  • block ip: Add an iptables rule to the Linux server. Requires root privileges. Not supported on OS X
  • list firewall rules: Lists the rules in iptables. Requires root privileges. Not supported on OS X
  • delete firewall rule: Delete a firewall rule. Requires root privileges. Not supported on OS X
  • reboot system: Reboot the endpoint (Requires root privileges)
  • shutdown system: Shut down the endpoint (Requires root privileges)
  • terminate process: Terminate a process (Requires root privileges)
  • logoff user: Log out a user on the endpoint (Requires root privileges)
  • list processes: List processes on endpoint
  • get disk usage: Retrieve disk usage from endpoint
  • get memory usage: Retrieve memory usage from endpoint
  • get file: Retrieve a file from the endpoint and save it to the vault
  • put file: Put a file from the vault to another location

Supported Actions Version 2.3.10

  • test connectivity: Validates endpoint connection
  • execute program: Executes a program on the remote machine
  • list connections: Lists all the network connections. Requires root privileges. Requires netstat to be installed
  • block ip: Add an iptables rule to the Linux server. Requires root privileges. Not supported on OS X
  • list firewall rules: Lists the rules in iptables. Requires root privileges. Not supported on OS X
  • delete firewall rule: Delete a firewall rule. Requires root privileges. Not supported on OS X
  • reboot system: Reboot the endpoint (Requires root privileges)
  • shutdown system: Shut down the endpoint (Requires root privileges)
  • terminate process: Terminate a process (Requires root privileges)
  • logoff user: Log out a user on the endpoint (Requires root privileges)
  • list processes: List processes on endpoint
  • get disk usage: Retrieve disk usage from endpoint
  • get memory usage: Retrieve memory usage from endpoint
  • get file: Retrieve a file from the endpoint and save it to the vault
  • put file: Put a file from the vault to another location

Supported Actions Version 2.3.5

  • test connectivity: Validates endpoint connection
  • execute program: Executes a program on the remote machine
  • list connections: Lists all the network connections. Requires root privileges. Requires netstat to be installed
  • block ip: Add an iptables rule to the Linux server. Requires root privileges. Not supported on OS X
  • list firewall rules: Lists the rules in iptables. Requires root privileges. Not supported on OS X
  • delete firewall rule: Delete a firewall rule. Requires root privileges. Not supported on OS X
  • reboot system: Reboot the endpoint (Requires root privileges)
  • shutdown system: Shut down the endpoint (Requires root privileges)
  • terminate process: Terminate a process (Requires root privileges)
  • logoff user: Log out a user on the endpoint (Requires root privileges)
  • list processes: List processes on endpoint
  • get disk usage: Retrieve disk usage from endpoint
  • get memory usage: Retrieve memory usage from endpoint
  • get file: Retrieve a file from the endpoint and save it to the vault
  • put file: Put a file from the vault to another location

Supported Actions Version 2.2.4

  • test connectivity: Validates endpoint connection
  • execute program: Executes a program on the remote machine
  • list connections: Lists all the network connections. Requires root privileges. Requires netstat to be installed
  • block ip: Add an iptables rule to the Linux server. Requires root privileges. Not supported on OS X
  • list firewall rules: Lists the rules in iptables. Requires root privileges. Not supported on OS X
  • delete firewall rule: Delete a firewall rule. Requires root privileges. Not supported on OS X
  • reboot system: Reboot the endpoint (Requires root privileges)
  • shutdown system: Shut down the endpoint (Requires root privileges)
  • terminate process: Terminate a process (Requires root privileges)
  • logoff user: Log out a user on the endpoint (Requires root privileges)
  • list processes: List processes on endpoint
  • get disk usage: Retrieve disk usage from endpoint
  • get memory usage: Retrieve memory usage from endpoint
  • get file: Retrieve a file from the endpoint and save it to the vault
  • put file: Put a file from the vault to another location

Release Notes

Version 2.3.11
Feb. 3, 2022

SSH Release Notes - Published by Splunk February 02, 2022

Version 2.3.11 - Released February 02, 2022

  • Added support for Python 3.9

Version 2.3.10
Jan. 20, 2022

SSH Release Notes - Published by Splunk January 20, 2022

Version 2.3.10 - Released January 20, 2022

  • Marked the app as FIPS Compliant [PAPP-21566]

Version 2.3.5
Nov. 19, 2021

SSH Release Notes - Published by Splunk November 19, 2021

Version 2.3.5 - Released November 19, 2021

  • Removed unnecessary debug logging to '/tmp/blah' file [PAPP-19717]

Version 2.2.4
Sept. 21, 2021

SSH Release Notes - Published by Splunk July 26, 2021

Version 2.2.4 - Released July 26, 2021

  • Added a custom output view for the 'execute program' action [PAPP-13692]
  • Fixed the output processing on errors for the 'execute program' action [PAPP-13693]
  • Added NRI instance compatibility for RSA key processing [PAPP-14754]
  • Added 'timeout' parameter for the 'execute program' action [PAPP-15257]
  • Added 'pseudo_terminal' configuration parameter [PAPP-15259]
  • Updated the error handling for the 'put file' action [PAPP-16939]
  • Updated the app documentation
