Ransomware Add-on for Splunk

The Ransomware Add-on for Splunk captures ransomware attack data across multiple sources and organizes it for actionable insights. It is designed to parse files, track victims, and analyze ransomware activity statistics. It supports collecting IOC data, negotiation logs, and related threat intelligence to help security teams detect and respond to ransomware incidents quickly.

Latest Version 1.0.15
January 2, 2026
Compatibility
Splunk Enterprise, Splunk Cloud
Platform Version: 10.1, 10.0, 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0
CIM Version: 6.x, 5.x
Rating

0

(0)

Support
Developer Supported addon
The Ransomware Add-on for Splunk integrates ransomware-related threat intelligence and incident data into your Splunk environment. This add-on leverages Python scripts to collect, parse, and organize data such as victim details, indicators of compromise (IOCs), ransomware notes, negotiation information, and YARA rules. It provides enhanced visibility into ransomware activities and enables efficient monitoring, alerting, and analysis within your Splunk ecosystem.

Categories

Security, Fraud & Compliance, SIEM

Created By

Avotrix Inc

Type

addon

Downloads

3
