CryptView Collector is a metadata-only Splunk Technology Add-on for filesystem cryptographic inventory.
It helps security, PKI, platform, and infrastructure teams discover cryptographic assets present on Splunk forwarder hosts, including X.509 certificate files, private-key-file presence, and PKCS12/JKS keystores.
The add-on runs as a disabled-by-default scripted input. It scans only filesystem paths explicitly configured by an administrator and emits newline-delimited JSON events to Splunk using sourcetype cryptview:crypto_asset.
CryptView Collector does not perform network scanning, does not open TLS sockets, and does not run PQC or hybrid TLS probes. It does not emit private key contents, keystore passwords, credentials, tokens, cookies, or confidential file contents.
The collector emits raw observation fields only. Downstream dashboards or the CryptView platform can derive certificate lifecycle risk, cryptographic posture, PQC evidence status, and remediation priorities from those observations.
This add-on is designed to work with the companion CryptView CBOM Overview dashboard app on Splunkbase app 8786.