Welcome to the new Splunkbase! To return to the old Splunkbase, .
Collections
Apps
Submit an app

COLLECTION

Getting Started with Security

These are the best apps to help you get started with security.

Detect

Use these apps and add-ons to detect threats in your environment

Splunk Enterprise Security app icon
Splunk Enterprise Security
By Splunk LLC
Splunk Enterprise Security (ES) solves a wide range of security analytics and operations use cases including continuous security monitoring, advanced threat detection, compliance, incident investigation, forensics and incident response. Splunk ES delivers an end-to-end view of organizations’ security postures with flexible investigations, unmatched performance, and the most flexible deployment options offered in the cloud, on-premises or hybrid deployment models. Splunk ES enables you to:
platform
Not Available
rating
(224)
Splunk Enterprise Security support icon
splunk supported app
Splunk Security Essentials app icon
Splunk Security Essentials
By Splunk LLC
Get started with Splunk for Security with Splunk Security Essentials (SSE). Explore security use cases and discover security content to start address threats and challenges.
platform
Not Available
rating
(56)
Splunk Security Essentials support icon
splunk supported app
SA-Investigator for Enterprise Security app icon
SA-Investigator for Enterprise Security
By Splunk Works
SA-Investigator is an extension that integrates with Splunk Enterprise Security. It provides a set of views based on the asset, identity or file/process values. Tabs for individual data models like malware, network traffic, certificates are set up for easy viewing and allow the analyst to pivot between these views on a specific entity without having to open multiple dashboards and enter in criteria to start a search. Workflow actions that allow pivoting from Incident Review are also included.
platform
Not Available
rating
(15)
SA-Investigator for Enterprise Security support icon
not supported
ThreatHunting app icon
ThreatHunting
By Olaf Hartong
This is a Splunk application containing several hunting dashboards and over 120 reports that will facilitate initial hunting indicators to investigate.
platform
Not Available
rating
(13)
archived app
Enrich

Supplement your data with threat intelligence

VirusTotal Malware Lookup for Splunk app icon
VirusTotal Malware Lookup for Splunk
By Adarma Security
This app is used to supplement your data with information from VirusTotal. The custom command ` | virustotal ` (bundled with this app) uses the `https://www.virustotal.com/vtapi/v2/file/report` endpoint to communicate with the VirusTotal API.
platform
Not Available
rating
(8)
archived addon
TruSTAR Unified app icon
TruSTAR Unified
By Splunk LLC
TruSTAR integration for TruSTAR + Enterprise Security Customers.
platform
Not Available
rating
(2)
TruSTAR Unified support icon
splunk supported app
Respond

Use these Splunk SOAR apps to help respond to threats

CrowdStrike OAuth API app icon
CrowdStrike OAuth API
By Splunk LLC
This app integrates with CrowdStrike OAuth2 authentication standard to implement querying of endpoint security data
platform
Not Available
rating
(1)
CrowdStrike OAuth API support icon
splunk supported connector
IMAP app icon
IMAP
By Splunk LLC
This app supports email ingestion and various investigative actions over IMAP
platform
Not Available
rating
(0)
IMAP support icon
splunk supported connector
Jira app icon
Jira
By Splunk LLC
This app integrates with JIRA to perform several ticket management actions
platform
Not Available
rating
(0)
Jira support icon
splunk supported connector
MS Graph for Office 365 app icon
MS Graph for Office 365
By Splunk LLC
This app connects to Office 365 using the MS Graph API to support investigate and generic actions related to the email messages and calendar events
platform
Not Available
rating
(0)
MS Graph for Office 365 support icon
splunk supported connector
SMTP app icon
SMTP
By Splunk LLC
This app provides the ability to send email using SMTP
platform
Not Available
rating
(0)
SMTP support icon
splunk supported connector
Splunk app icon
Splunk
By Splunk LLC
This app integrates with Splunk to update data on the device, in addition to investigate and ingestion actions
platform
Not Available
rating
(2)
Splunk support icon
splunk supported connector
Joe Sandbox v2 app icon
Joe Sandbox v2
By Splunk LLC
This app supports executing investigative actions to analyze files and URLs on Joe Sandbox
platform
Not Available
rating
(0)
Joe Sandbox v2 support icon
splunk supported connector
Okta app icon
Okta
By Splunk LLC
This app supports various identity management actions on Okta
platform
Not Available
rating
(0)
Okta support icon
splunk supported connector
Carbon Black Response app icon
Carbon Black Response
By Splunk LLC
This app supports executing various endpoint-based investigative and containment actions on Carbon Black Response
platform
Not Available
rating
(0)
Carbon Black Response support icon
splunk supported connector