COLLECTION
Getting Started with Security
These are the best apps to help you get started with security.
Detect
Use these apps and add-ons to detect threats in your environment
Splunk Enterprise Security
By Splunk LLC
Splunk Enterprise Security (ES) solves a wide range of security analytics and operations use cases including continuous security monitoring, advanced threat detection, compliance, incident investigation, forensics and incident response. Splunk ES delivers an end-to-end view of organizations’ security postures with flexible investigations, unmatched performance, and the most flexible deployment options offered in the cloud, on-premises or hybrid deployment models. Splunk ES enables you to:
platform
Splunk Enterprise, Splunk Cloud
rating
(228)
splunk supported app
Splunk Security Essentials
By Splunk LLC
Get started with Splunk for Security with Splunk Security Essentials (SSE). Explore security use cases and discover security content to start address threats and challenges.
platform
Splunk Enterprise, Splunk Cloud
rating
(56)
splunk supported app
SA-Investigator for Enterprise Security
By Splunk Works
SA-Investigator is an extension that integrates with Splunk Enterprise Security. It provides a set of views based on the asset, identity or file/process values. Tabs for individual data models like malware, network traffic, certificates are set up for easy viewing and allow the analyst to pivot between these views on a specific entity without having to open multiple dashboards and enter in criteria to start a search. Workflow actions that allow pivoting from Incident Review are also included.
platform
Splunk Enterprise, Splunk Cloud
rating
(15)
not supported
ThreatHunting
By Olaf Hartong
This is a Splunk application containing several hunting dashboards and over 120 reports that will facilitate initial hunting indicators to investigate.
platform
Splunk Enterprise
rating
(13)
archived app
Enrich
Supplement your data with threat intelligence
VirusTotal Malware Lookup for Splunk
By Adarma Security
This app is used to supplement your data with information from VirusTotal.
The custom command ` | virustotal ` (bundled with this app) uses the `https://www.virustotal.com/vtapi/v2/file/report`
endpoint to communicate with the VirusTotal API.
platform
Splunk Enterprise
rating
(8)
archived addon
TruSTAR Unified
By Splunk LLC
TruSTAR integration for TruSTAR + Enterprise Security Customers.
platform
Splunk Enterprise, Splunk Cloud
rating
(2)
splunk supported app
Respond
Use these Splunk SOAR apps to help respond to threats
CrowdStrike OAuth API
By Splunk LLC
This app integrates with CrowdStrike OAuth2 authentication standard to implement querying of endpoint security data
platform
SOAR On-Prem, SOAR Cloud
rating
(1)
splunk supported connector
IMAP
By Splunk LLC
This app supports email ingestion and various investigative actions over IMAP
platform
SOAR On-Prem, SOAR Cloud
rating
(0)
splunk supported connector
Jira
By Splunk LLC
This app integrates with JIRA to perform several ticket management actions
platform
SOAR On-Prem, SOAR Cloud
rating
(0)
splunk supported connector
MS Graph for Office 365
By Splunk LLC
This app connects to Office 365 using the MS Graph API to support investigate and generic actions related to the email messages and calendar events
platform
SOAR On-Prem, SOAR Cloud
rating
(0)
splunk supported connector