This repository contains Splunk Apps/Add-on packages
- Download the Splunk Add-on locally from the repo using the link below:
https://github.com/threatworx/splunk_packages/blob/master/packages/add_on/TA-threatworx-add-on-1.0.0.spl
Note that Splunk package files have a ".spl" extension but are ".tgz" files. You can rename the file to change the extension and unzip the file.
- Install the Splunk Add-on from "Apps --> Manage --> Install app from file"
- Create an index for ThreatWorx data from "Settings --> Indexes"
- Open the "ThreatWorx Add-on"
- Configure the Add-on by navigating to "Configuration --> Add-on Settings"
- Configure a new input by navigating to "Inputs --> Create New Input"
You are all set.
Note: if you have a distributed Splunk environment (multiple Splunk Indexers, Splunk Heavy Forwarders, or a Splunk Search Head Cluster), update props.conf on the Splunk Search Head so the JSON fields are not extracted a second time at search time, as below. On a Search Head Cluster, push this change from the deployer rather than editing individual members.

```
$ cat $SPLUNK_HOME/etc/apps/my_TA_threatworx/local/props.conf
[threatworx:vulnerability:impact]
KV_MODE = none
AUTO_KV_JSON = false
```
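As an added example (not part of the threatworx repository), the shell script below does two things a practitioner would want before and after the steps above: it inspects a downloaded .spl offline, confirming it really is a gzip tarball and listing the app directory and conf files it ships, and it writes the search-head props.conf override stanza shown above in an idempotent way. The sample package it builds is constructed for the script to run offline; its contents, the app directory name TA-sample-add-on and the helper function names are assumptions, not the real add-on's.

```shell
#!/bin/sh
# Added example, not code from the threatworx repository.
# .spl packages are gzip-compressed tarballs, so we check the gzip magic
# bytes (1f 8b) and list the archive instead of trusting the file name.
set -eu

# Return 0 if the file starts with the gzip magic bytes, else 1.
is_gzip() {
    magic=$(od -An -tx1 -N2 "$1" | tr -d ' \n')
    [ "$magic" = "1f8b" ]
}

# A Splunk app must live under a single top-level directory inside the
# archive; print the distinct top-level names (one line if well formed).
spl_app_dir() {
    tar -tzf "$1" | cut -d/ -f1 | sort -u
}

# List the conf files that matter when deciding where the add-on goes in a
# distributed deployment (props.conf on the search head, inputs.conf on the
# heavy forwarder).
spl_conf_files() {
    tar -tzf "$1" | grep -E '(default|local)/(props|inputs|app)\.conf$' || true
}

# Append the search-time override from the README to <app_dir>/local/props.conf
# unless the stanza is already present, so re-running is safe.
write_searchhead_override() {
    app_dir=$1
    conf="$app_dir/local/props.conf"
    mkdir -p "$app_dir/local"
    if ! grep -q '^\[threatworx:vulnerability:impact\]' "$conf" 2>/dev/null; then
        printf '[threatworx:vulnerability:impact]\nKV_MODE = none\nAUTO_KV_JSON = false\n' \
            >> "$conf"
    fi
}

# Constructed sample package so the script runs offline; the real add-on's
# directory name and conf contents differ.
make_sample_spl() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/TA-sample-add-on/default"
    printf '[threatworx:vulnerability:impact]\nKV_MODE = json\n' \
        > "$tmp/TA-sample-add-on/default/props.conf"
    printf '[sample_input]\ndisabled = 1\n' \
        > "$tmp/TA-sample-add-on/default/inputs.conf"
    (cd "$tmp" && tar -czf sample.spl TA-sample-add-on)
    printf '%s\n' "$tmp/sample.spl"
}

# Usage: inspect a package, then stage the override into a scratch app dir.
pkg=$(make_sample_spl)
is_gzip "$pkg" && echo "gzip magic OK"
echo "app directory: $(spl_app_dir "$pkg")"
spl_conf_files "$pkg"
stage=$(mktemp -d)
write_searchhead_override "$stage"
cat "$stage/local/props.conf"
```

Point `is_gzip`/`spl_app_dir` at the real TA-threatworx-add-on-1.0.0.spl to review what it installs, and run `splunk btool props list threatworx:vulnerability:impact --debug` on the search head afterwards to confirm the local override wins over the add-on's default stanza.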