STIG Compliance App for Splunk

Managing STIG compliance shouldn't require expensive vendor platforms, complex infrastructure, or weeks of deployment. I built this app because I believe every organization — regardless of size or budget — deserves access to effective compliance tools. My goal is to help as many people and organizations as possible by providing a free, production-ready resource that solves a real problem. STIG Compliance App for Splunk imports DISA STIG checklists and transforms them into searchable, reportable compliance data — with zero external dependencies and zero infrastructure beyond your existing Splunk deployment. Upload .ckl and .cklb checklist files directly through your browser. The app parses, indexes, and visualizes your compliance posture in minutes — not days. KEY FEATURES - Browser-based drag-and-drop upload for .ckl and .cklb files — no forwarders, no file shares, no scripted inputs - Custom CKL/CKLB parser converts DISA STIG XML checklists into searchable Splunk events - Four compliance dashboards: Compliance Overview, Executive Summary, POA&M Report, and Upload History - Risk scoring by severity: (CAT I x 10) + (CAT II x 5) + (CAT III x 1) - Deduplication logic displays only the latest checklist per host/STIG combination - Historical upload tracking with timestamps for audit trail - Pre-built saved searches and alert templates for CAT I findings and compliance thresholds - Works on a single search head or in a clustered environment — fully self-contained WHY THIS APP EXISTS Most STIG compliance workflows today involve Excel spreadsheets, manual tracking, or paid platforms that require additional licensing and infrastructure. This app eliminates those barriers. Install one app, upload through your browser, and get compliance dashboards immediately.