<!DOCTYPE html><html><head><meta charSet="utf-8"/><meta name="viewport" content="width=device-width"/><meta name="next-head-count" content="2"/><link rel="apple-touch-icon-precomposed" sizes="57x57" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/apple-touch-icon-57x57.png"/><link rel="apple-touch-icon-precomposed" sizes="114x114" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/apple-touch-icon-114x114.png"/><link rel="apple-touch-icon-precomposed" sizes="72x72" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/apple-touch-icon-72x72.png"/><link rel="apple-touch-icon-precomposed" sizes="144x144" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/apple-touch-icon-144x144.png"/><link rel="apple-touch-icon-precomposed" sizes="60x60" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/apple-touch-icon-60x60.png"/><link rel="apple-touch-icon-precomposed" sizes="120x120" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/apple-touch-icon-120x120.png"/><link rel="apple-touch-icon-precomposed" sizes="76x76" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/apple-touch-icon-76x76.png"/><link rel="apple-touch-icon-precomposed" sizes="152x152" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/apple-touch-icon-152x152.png"/><link rel="icon" type="image/png" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/favicon-196x196.png" sizes="196x196"/><link rel="icon" type="image/png" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/favicon-96x96.png" sizes="96x96"/><link rel="icon" type="image/png" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/favicon-32x32.png" sizes="32x32"/><link rel="icon" type="image/png" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/favicon-16x16.png" sizes="16x16"/><link rel="icon" type="image/png" 
href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/favicon-128.png" sizes="128x128"/><link rel="shortcut icon" type="image/x-icon" href="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/favicon.ico"/><meta name="msapplication-TileImage" content="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/mstile-144x144.png"/><meta name="msapplication-square70x70logo" content="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/mstile-70x70.png"/><meta name="msapplication-square150x150logo" content="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/mstile-150x150.png"/><meta name="msapplication-wide310x150logo" content="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/mstile-310x150.png"/><meta name="msapplication-square310x310logo" content="https://www.splunk.com/content/dam/splunk2/images/icons/favicons/mstile-310x310.png"/><link rel="preload" href="https://cdn.splunkbase.splunk.com/_next/static/css/4b6138b56fa00d7b.css" as="style"/><link rel="stylesheet" href="https://cdn.splunkbase.splunk.com/_next/static/css/4b6138b56fa00d7b.css" data-n-g=""/><noscript data-n-css=""></noscript><script defer="" nomodule="" src="https://cdn.splunkbase.splunk.com/_next/static/chunks/polyfills-78c92fac7aa8fdd8.js"></script><script src="https://cdn.splunkbase.splunk.com/_next/static/chunks/webpack-5da1efd40c1151fb.js" defer=""></script><script src="https://cdn.splunkbase.splunk.com/_next/static/chunks/framework-9620da855a94eb57.js" defer=""></script><script src="https://cdn.splunkbase.splunk.com/_next/static/chunks/main-9313876f5b9c0070.js" defer=""></script><script src="https://cdn.splunkbase.splunk.com/_next/static/chunks/pages/_app-b002e984e34c9d6b.js" defer=""></script><script src="https://cdn.splunkbase.splunk.com/_next/static/chunks/846-b60936d7e3434162.js" defer=""></script><script src="https://cdn.splunkbase.splunk.com/_next/static/chunks/2-0ab63ddcb683ce34.js" defer=""></script><script 
src="https://cdn.splunkbase.splunk.com/_next/static/chunks/33-92994135e57e504b.js" defer=""></script><script src="https://cdn.splunkbase.splunk.com/_next/static/chunks/947-7b0789bdd0f98ca6.js" defer=""></script><script src="https://cdn.splunkbase.splunk.com/_next/static/chunks/pages/index-83f153cbb350cc2c.js" defer=""></script><script src="https://cdn.splunkbase.splunk.com/_next/static/DIQkgqsiXVEQ-b6OD8rd6/_buildManifest.js" defer=""></script><script src="https://cdn.splunkbase.splunk.com/_next/static/DIQkgqsiXVEQ-b6OD8rd6/_ssgManifest.js" defer=""></script><style data-styled="" data-styled-version="5.3.10"></style></head><body style="margin:0;background-color:#08090A"><noscript><iframe src="https://www.googletagmanager.com/ns.html?id=GTM-TPV7TP" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript><div id="__next"></div><script id="__NEXT_DATA__" type="application/json">{"props":{"pageProps":{"allCollections":[{"id":8,"name":"cisco","display_name":"Getting Started with Cisco Apps","tagline":"See the power of Cisco + Splunk with these improved apps for Security and Observability","description":null,"icon_url":"https://cdn.splunkbase.splunk.com/media/public/collections/img-splunkbase-collection-cisco.png","position":1,"app_count":24,"subcollections":[{"id":22,"name":"cisco_observability","display_name":"Observability","tagline":"Unlock more insights across any environment and any stack","apps":[6668,6656,5781,5686,5580,4991,3471,2731,1917,1915,1761,1747,1620,1467],"position":2},{"id":21,"name":"cisco_security","display_name":"Security","tagline":"Accelerate comprehensive visibility with best-in-class integrations","apps":[7219,6398,5887,5580,4388,3670,3504,1761,1747,1620],"position":1}]},{"id":7,"name":"machine_learning","display_name":"Getting Started with AI","tagline":"These Machine Learning and AI powered apps and assistants give you the power of Machine Learning for common use cases with just a couple of 
clicks.","description":null,"icon_url":"https://cdn.splunkbase.splunk.com/media/public/collections/img_machine_learning_dark.png","position":2,"app_count":9,"subcollections":[{"id":20,"name":"Advanced_Experimentation","display_name":"Advanced Experimentation","tagline":"Dive deeper into Data Science, build your own algorithms, and leverage Deep Learning.","apps":[4607],"position":3},{"id":19,"name":"Foundational_Capabilities","display_name":"Foundational Capabilities","tagline":"Essential apps to get you started on your ML journey. Some are prerequisites for our intelligent experiences.","apps":[2890,2884,2883,2882,2881],"position":2},{"id":18,"name":"Intelligent_Experiences","display_name":"Intelligent Experiences","tagline":"These ML-powered apps and assistants give you the power of ML for common use cases with just a couple of clicks.","apps":[7245,6843,6415],"position":1}]},{"id":2,"name":"pipeline","display_name":"Pipeline Analytics for DevOps","tagline":"Create visibility across your software development lifecycle","description":null,"icon_url":"https://cdn.splunkbase.splunk.com/media/public/collections/pipeline.png","position":3,"app_count":13,"subcollections":[{"id":5,"name":"auditing_compliance","display_name":"Auditing and Compliance for DevSecOps","tagline":"Shift left security with confidence","apps":[6139,5330,5093,5023,4356],"position":3},{"id":4,"name":"dora_metrics","display_name":"Measure Success with DORA Metrics","tagline":"Quantify business outcomes from your delivery chain.","apps":[6254,5596,5589,4886],"position":2},{"id":3,"name":"monitor","display_name":"Monitor","tagline":"Support the uptime and performance of your delivery chain.","apps":[6352,5141,5135,3332],"position":1}]},{"id":3,"name":"detection_response","display_name":"Detection and Response","tagline":"Collect data across multiple security layers and manage threats quickly. 
Provide comprehensive protection for your organization.","description":null,"icon_url":"https://cdn.splunkbase.splunk.com/media/public/collections/detection_response.png","position":4,"app_count":31,"subcollections":[{"id":8,"name":"email_security","display_name":"Email Security","tagline":"See and contain email threats at patient zero before the next user is compromised.","apps":[6049,5819,4075,3080],"position":3},{"id":6,"name":"endpoint","display_name":"Endpoint","tagline":"Pull in endpoint detections to jump start your detection and response workflows.","apps":[6084,6056,5947,5433,5177,5094,4137,3921],"position":1},{"id":10,"name":"identity","display_name":"Identity","tagline":"Link attacks to users and proactively block attacks from potentially compromised accounts.","apps":[5921,5771,5763,3682,1151,976],"position":5},{"id":7,"name":"network","display_name":"Network","tagline":"Track lateral movement or monitor agentless endpoints, like internet of things or operational technology devices.","apps":[6073,6015,5830,4471,3938,3827,3539,491],"position":2},{"id":9,"name":"workload_monitoring","display_name":"Server/Cloud Workload Monitoring","tagline":"Keep an eye on containers and serverless functions in your cloud infrastructure.","apps":[5813,5761,4882,3088,1274],"position":4}]},{"id":4,"name":"accenture","display_name":"Accenture Cloud Services","tagline":"Get to value faster with Cloud First.","description":null,"icon_url":"https://cdn.splunkbase.splunk.com/media/public/collections/accenture.png","position":5,"app_count":3,"subcollections":[{"id":11,"name":"cloud_first","display_name":"Cloud First, value first","tagline":"Speed, cost, and innovation–Accenture Cloud First makes cloud’s promise real.\\n We harness the power of change to create new and extraordinary 360 degree value by putting cloud at the core of your business. 
Our approach puts your business needs first, creating industry-specific solutions to get you moved to—and benefiting from—the cloud now.\\n Move to the cloud with us and you’ll find new and better ways to harness the power of cloud computing. From migration to cloud management, we work with you to help your business realize its full promise and achieve measurable, extraordinary 360 degree value.","apps":[],"position":1},{"id":13,"name":"learn_more_accenture","display_name":"Learn More","tagline":"To learn more visit us at: www.accenture.com/us-en/cloud/services-index","apps":[],"position":3},{"id":12,"name":"splunk_built_accenture","display_name":"Splunk built apps","tagline":"Splunk supported apps delivered through Accenture Cloud Services","apps":[3546,3449,1841],"position":2}]},{"id":5,"name":"security","display_name":"Getting Started with Security","tagline":"These are the best apps to help you get started with security.","description":null,"icon_url":"https://cdn.splunkbase.splunk.com/media/public/collections/security.png","position":6,"app_count":15,"subcollections":[{"id":14,"name":"detect","display_name":"Detect","tagline":"Use these apps and add-ons to detect threats in your environment","apps":[4305,3749,3435,263],"position":1},{"id":15,"name":"enrich","display_name":"Enrich","tagline":"Supplement your data with threat intelligence","apps":[5542,4283],"position":2},{"id":16,"name":"respond","display_name":"Respond","tagline":"Use these Splunk SOAR apps to help respond to threats","apps":[5947,5921,5905,5848,5847,5824,5806,5798,5786],"position":3}]}],"trendingSplunkApps":[{"id":263,"by":"Splunk LLC","description":"Splunk Enterprise Security (ES) solves a wide range of security analytics and operations use cases including continuous security monitoring, advanced threat detection, compliance, incident investigation, forensics and incident response. 
Splunk ES delivers an end-to-end view of organizations’ security postures with flexible investigations, unmatched performance, and the most flexible deployment options offered in the cloud, on-premises or hybrid deployment models. Splunk ES enables you to: \n\n- Conquer alert fatigue with high-fidelity Risk-Based Alerting.\n- Bring visibility across your hybrid environment with multicloud security monitoring.\n- Conduct flexible investigations for effective threat hunting across security, IT and DevOps data sources.\n\nSplunk ES is a premium security solution requiring a paid license.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/4f4c67a2-251c-11ef-aa96-ae4e248a2471.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":218,"average":4},"support":"premium","title":"Splunk Enterprise Security","app_type":"app"},{"id":1876,"by":"Splunk LLC","description":"The Splunk Add-on for AWS, from version 7.0.0 and above, includes a merge of all the capabilities of the Splunk Add-on for Amazon Security Lake. This allows you to configure the Splunk Add-on for AWS to ingest data across all AWS data sources, facilitating the integration of AWS data into your Splunk platform deployment.\n\nIf you use both the Splunk Add-on for Amazon Security Lake as well as the Splunk Add-on for AWS on the same Splunk instance, then you must uninstall the Splunk Add-on for Amazon Security Lake before upgrading the Splunk Add-on for AWS to version 7.0.0 or later in order to avoid any data duplication and discrepancy issues.\n__________________________________________________________________________________________________________\n\nIngesting data from AWS to Splunk Cloud? Have you tried the new Splunk Data Manager yet? Data Manager makes AWS data ingestion simpler, more automated and centrally managed for you, while co-existing with AWS and/or Kinesis TAs. 
Read our blog post to learn more about Data Manager and its availability on your Splunk Cloud instance: https://splk.it/3e9F863\n__________________________________________________________________________________________________________\n\nThe Splunk Add-on for Amazon Web Services allows a Splunk software administrator to collect:\n* Configuration snapshots, configuration changes, and historical configuration data from the AWS Config service.\n* Metadata for your AWS EC2 instances, reserved instances, and EBS snapshots.\n* Compliance details, compliance summary, and evaluation status of your AWS Config Rules.\n* Assessment Runs and Findings data from the Amazon Inspector service.\n* Management and change events from the AWS CloudTrail service.\n* VPC flow logs and other logs from the CloudWatch Logs service.\n* Performance and billing metrics from the AWS CloudWatch service.\n* Billing reports that you have configured in AWS.\n* S3, CloudFront, and ELB access logs.\n* Generic data from your S3 buckets.\n* Generic data from your Kinesis streams.\n* Generic data from SQS.\n* Security events from Amazon Security Lake\n\nThis add-on provides modular inputs and CIM-compatible knowledge to use with other apps, such as the Splunk App for AWS, Splunk Enterprise Security and Splunk IT Service Intelligence.\n\nVersions 5.0.0 and later of the Splunk Add-on for AWS are compatible only with Splunk Enterprise version 8.0.0 and above.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/9ecc5404-8471-11ef-bbff-26c7bab74435.png","is_archived":false,"product_types":["enterprise","cloud","itsi"],"rating":{"count":30,"average":4},"support":"splunk","title":"Splunk Add-on for Amazon Web Services (AWS)","app_type":"addon"},{"id":833,"by":"Splunk LLC","description":"*** Important: Read upgrade Instructions and test add-on update before deploying to production ***\nThere are changes to default indexes and .conf changes in version 6.0 of Splunk Add-on for Unix and Linux that 
can break an existing installation if upgrade instructions are not followed in detail. If an existing Splunk Add-on for Unix and Linux is being upgraded, please test in a non-production environment first.\n\n\nThe Splunk Add-on for Unix and Linux works with the Splunk App for Unix and Linux to provide rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environments.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/c5b329a0-3de8-11ef-8e04-52751697b8c7.png","is_archived":false,"product_types":["enterprise","cloud","itsi"],"rating":{"count":54,"average":3},"support":"splunk","title":"Splunk Add-on for Unix and Linux","app_type":"addon"},{"id":742,"by":"Splunk LLC","description":"*** Important: Read upgrade instructions and test add-on update before deploying to production ***\nThe Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the documented upgrade instructions to avoid data loss. A best practice is to test the upgraded version in a non-production environment before deploying to production.\n\nNeither the Splunk Add-on for Windows DNS version 1.0.1 nor the Splunk Add-on for Windows Active Directory version 1.0.0 is supported when installed alongside the Splunk Add-on for Windows version 6.0.0. 
The Splunk Add-on for Windows version 6.0.0 includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.\n\nThe Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/e8543eb6-a172-11ef-8a33-36a81105bd3e.png","is_archived":false,"product_types":["enterprise","cloud","itsi"],"rating":{"count":45,"average":4},"support":"splunk","title":"Splunk Add-on for Microsoft Windows","app_type":"addon"},{"id":3757,"by":"Splunk Works","description":"This add-on collects data from Microsoft Azure including the following:\n\nMicrosoft Entra ID (formerly Azure Active Directory) Data\n- Users - Microsoft Entra ID user data\n- Interactive Sign-ins - Microsoft Entra ID sign-ins including conditional access policies and MFA\n- Directory audits - Microsoft Entra ID directory changes including old and new values\n- Devices - Registered devices \n- Groups\n- Risk Detection\n\nMicrosoft Security Graph API\n\nTopology - IaaS relationships\nAzure Security Center\n- Alerts\n- Tasks\nAzure Resource Graph\n\nThis add-on contains the following alert actions:\n\n- Stop Azure VM - stops an Azure Virtual Machine.\n- Add member to group - adds a user to a group. This can be useful if you need to enable additional policies like MFA based on search results.\n- Dismiss Azure Alert - dismisses an Azure Security Center alert.\n\nVersion 3.0.0 and later of the Microsoft Azure Add-on for Splunk is compatible only with Splunk Enterprise version 8.0.0 and above.\n\nWhile this app is not formally supported, the developer can be reached at https://github.com/splunk/splunk-add-on-microsoft-azure/issues. Responses are made on a best-effort basis. 
Feedback is always welcome and appreciated!","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/7c069fa4-a304-11ef-9e77-7e72ae1d76a7.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":23,"average":3},"support":"not_supported","title":"Splunk Add on for Microsoft Azure","app_type":"addon"},{"id":6855,"by":"Paul Stout","description":"The Add-On for ConnectWise PSA (formerly Manage) queries the ConnectWise API via modular input to Splunk changes to objects as a stateful event stream and to cache selected objects in the Splunk KVstore. Based on the Add-On for ConnectWise Manage.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/5f341ba0-9eee-11ef-9ba1-e285caba22be.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":1,"average":5},"support":"developer","title":"Add-On for ConnectWise PSA","app_type":"addon"},{"id":3110,"by":"Splunk LLC","description":"The Splunk Add-on for Microsoft Cloud Services allows a Splunk software administrator to pull activity logs, service status, operational messages, Azure audit, Azure resource data and Azure Storage Table and Blob data from a variety of Microsoft cloud services using Event Hubs, Azure Service Management APIs and Azure Storage API.\n\nThis add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance and Splunk IT Service Intelligence.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/10823efa-8d7e-11ef-af73-f2bce97891f3.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":35,"average":3},"support":"splunk","title":"Splunk Add-on for Microsoft Cloud Services","app_type":"addon"},{"id":1621,"by":"Splunk LLC","description":"The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. 
It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/67a24634-a7ce-11ef-94dd-b6deb6033f67.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":21,"average":5},"support":"splunk","title":"Splunk Common Information Model (CIM)","app_type":"addon"},{"id":2890,"by":"Splunk LLC","description":"The Splunk Machine Learning Toolkit delivers new SPL commands, custom visualizations, assistants, and examples to explore a variety of ML concepts.\n\nEach assistant includes end-to-end examples with datasets, plus the ability to apply the visualizations and SPL commands to your own data. You can inspect the assistant panels and underlying code to see how it all works.\nMLTK Quick Reference Guide: https://docs.splunk.com/images/3/3f/Splunk-MLTK-QuickRefGuide-2019-web.pdf\n\nAssistants:\n* Predict Numeric Fields (Linear Regression): e.g. predict median house values.\n* Predict Categorical Fields (Logistic Regression): e.g. predict customer churn.\n* Detect Numeric Outliers (distribution statistics): e.g. detect outliers in IT Ops data.\n* Detect Categorical Outliers (probabilistic measures): e.g. detect outliers in diabetes patient records.\n* Forecast Time Series: e.g. forecast data center growth and capacity planning.\n* Cluster Numeric Events: e.g. cluster business anomalies to reduce noise.\n\nSmart Assistants (new assistants with revamped UI and better ml pipeline/experiment management):\n* Smart Forecasting Assistant:: e.g. forecasting app logons with special days.\n* Smart Outlier Detection Assistant: e.g. find anomalies in supermarket purchases.\n* Smart Clustering Assistant: e.g. cluster houses by property descriptions.\n* Smart Prediction Assistant: e.g. 
predict vulnerabilities in firewall data. \n\nAvailable on both on-premises and cloud.\n(c) Splunk 2024. All rights reserved.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/687cb868-95c8-11ef-93be-2aa36ef6c091.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":38,"average":5},"support":"splunk","title":"Splunk Machine Learning Toolkit","app_type":"app"},{"id":2686,"by":"Splunk LLC","description":"Splunk DB Connect is a generic SQL database extension for Splunk that enables easy integration of database information with Splunk queries and reports. Splunk DB Connect supports DB2/Linux, Informix, MemSQL, MySQL, AWS Aurora, Microsoft SQL Server, Oracle, PostgreSQL, AWS RedShift, SAP SQL Anywhere, Sybase ASE, Sybase IQ, Teradata, InfluxDB and MongoDB Atlas \u0026 Standalone.\n\nUse Splunk DB Connect's Inputs to import structured data for powerful indexing, analysis, and visualization. Use Outputs to export machine data insights to a legacy database to increase your organization's insight. Use Lookups to add meaningful information to your event data by referencing fields in an external database. Use query commands to build live dashboards mixing structured and unstructured data.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/9969b3f0-7a83-11ef-8bf5-76e3708f4d86.png","is_archived":false,"product_types":["enterprise","cloud","itsi"],"rating":{"count":134,"average":3},"support":"splunk","title":"Splunk DB Connect","app_type":"addon"},{"id":3435,"by":"Splunk LLC","description":"Get started with Splunk for Security with Splunk Security Essentials (SSE). Explore security use cases and discover security content to start addressing threats and challenges. \n\nSecurity Content Library\nFind security content for Splunk Cloud and Splunk's SIEM and SOAR offerings and deploy out-of-the-box security detections and analytic stories to enhance your investigations and improve your security posture. 
\n\nCybersecurity Frameworks\nIdentify gaps in your defenses and take control of your security posture with automatic mapping of data and security detections to MITRE ATT\u0026CK® and Cyber Kill Chain® framework.\n\nData and Content Introspection\nGain visibility of the data coming into your environment to add context and telemetry to security events. Enrich your security detections with metadata and tags from the Security Content Library.\n\nSecurity Data Journey\nGet prescriptive security and data recommendations and establish a data strategy to develop a security maturity roadmap. \n\nWe have changed the security content delivery endpoint for ESCU to comply with Splunk guidance. This means that if you have SSE version 3.7.1 or lower, the last supported ESCU version is ESCU 4.22.0. In order to get the latest ESCU version, you will need to upgrade SSE to version 3.8.0.\n\nLearn more:\nDownload the Product Brief : https://www.splunk.com/pdfs/product-briefs/splunk-security-essentials.pdf\nTry out Splunk Security Essentials: https://www.splunk.com/en_us/form/splunk-security-essentials-online-demo.html\nCheck out the Documentation site: https://docs.splunk.com/Documentation/SSE","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/d5448e0c-e863-11ee-b82c-3ae09d0cd103.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":56,"average":4},"support":"splunk","title":"Splunk Security Essentials","app_type":"app"},{"id":3449,"by":"Splunk LLC","description":"The Splunk ES Content Update (ESCU) app delivers pre-packaged Security Content. ESCU provides regular Security Content updates to help security practitioners address ongoing time-sensitive threats, attack methods, and other security issues.\n\nSecurity Content consists of tactics, techniques, and methodologies that help with detection, investigation, and response. 
Security Content enables security teams to directly operationalize detection searches, investigative searches, and other supporting details. ESCU can generate Notable/Risk Events in Splunk Enterprise Security. Security Content also contains easy-to-read background information and guidance, for key context on motivations and risks associated with attack techniques, as well as pragmatic advice on how to combat those techniques.\n\nThe analytic stories and their searches are also available at - https://github.com/splunk/security_content.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/5d34bbf4-a216-11ef-aae7-7278c375fca5.png","is_archived":false,"product_types":["enterprise","cloud","es"],"rating":{"count":24,"average":5},"support":"splunk","title":"Splunk ES Content Update","app_type":"addon"},{"id":1603,"by":"Splunk LLC","description":"The Splunk Dashboard app v8.2.6 will reach end of support on Dec 19, 2024. No new versions of the app will be released. Simple XML examples are available in SimpleXML reference guide documentation and the Dashboards \u0026 Visualizations forum on Splunk Community. Check out this Splunk Lantern article to learn more: https://lantern.splunk.com/@go/page/7411\n-----\nThe Splunk Dashboard app delivers examples that give you a hands-on way to learn the basic concepts and tools needed to rapidly create rich dashboards using Simple XML. This new app incorporates learn-by-doing Simple XML examples, including extensions to Simple XML for further customization of layout, interactivity, and visualizations.\n\nWith the app you will learn basic Simple XML concepts and how to incorporate the built-in components. All the included examples deliver a recipe for implementing dashboard elements, beginning with the most basic and progressing to more advanced elements. Each example in the app includes an actual runtime visualization followed by a description and supporting source code.\n\n(c) 2016-2020 Splunk Inc. 
All Rights Reserved.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/8989c616-7fd8-11ed-8c6e-d6a48ae8285c.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":71,"average":5},"support":"splunk","title":"Splunk Dashboard Examples","app_type":"app"},{"id":7665,"by":"Steven Erickson","description":"Synqly uniquely offers an Integration Platform-as-a-Service (IPAAS) for security and infrastructure vendors. Through a single API, Synqly reduces integration costs and complexity by up to 90%.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/281f6f36-a90f-11ef-a39c-1e5774d51f9d.png","is_archived":false,"product_types":[],"rating":{"count":0,"average":0},"support":"developer","title":"Synqly Integration Platform","app_type":"addon"},{"id":2846,"by":"Fortinet Inc","description":"Fortinet FortiGate Add-On for Splunk is the technical add-on (TA) developed by Fortinet, Inc. The add-on enables Splunk Enterprise to ingest or map security and traffic data collected from FortiGate physical and virtual appliances across domains. The key features include: \n\n•\tStreamlining authentication and access from FortiGate such as administrator login, user login, VPN termination authentication into Splunk Enterprise Security Access Center\n\n•\tMapping FortiGate virus report into Splunk Enterprise Security Endpoint Malware Center\n\n•\tIngesting traffic logs, IPS logs, system configuration logs and Web filtering data etc. 
\n\nFortinet FortiGate Add-On for Splunk provides common information model (CIM) knowledge, advanced “saved search”, indexers and macros to use with other Splunk Enterprise apps such as Splunk App for Enterprise Security.\n\nThe compatible FOS version is 5.0 and later.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/f9382c8a-0bf2-11ef-9a10-32b5c2e086aa.png","is_archived":false,"product_types":["enterprise"],"rating":{"count":16,"average":4},"support":"not_supported","title":"Fortinet FortiGate Add-On for Splunk","app_type":"addon"},{"id":5082,"by":"CrowdStrike","description":"This technical add-on enables customers to create a persistent connection to CrowdStrike's Event Streams API so that the available detection, event, incident and audit data can be continually streamed to their Splunk environment. This connection enables organizations to combine the power of the Splunk platform with the visibility and rich event data of the CrowdStrike platform.\n\nThis add-on is also used to support the CrowdStrike Falcon App (https://splunkbase.splunk.com/app/5094/).","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/5373f904-962c-11ef-808b-d6cfb0b1f05c.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":11,"average":3},"support":"developer","title":"CrowdStrike Falcon Event Streams Technical Add-On","app_type":"addon"}],"newSplunkApps":[{"id":7245,"by":"Splunk LLC","description":"Splunk AI Assistant for SPL offers bi-directional translation between natural language (NL) and Splunk Search Processing Language (SPL).\nBefore you can use Splunk AI Assistant for SPL, you must review and sign the legal terms for the app. This specialized End-User License Agreement (EULA) covers data usage and is only accessible if you have a Splunk.com account. 
See: https://www.splunk.com/en_us/download/ai-assistant.html\n\nOnce the EULA is signed, please wait 3-4 business days for email notification that you can install Splunk AI Assistant for SPL.\n\nWhat's in the app . . .\nOn the Write SPL tab, compose what you want to search in plain English, and the Splunk AI Assistant for SPL translates the request into Splunk Search Processing Language (SPL). You can execute or build on that SPL search, all within a familiar Splunk interface. \nOn the Explain SPL tab, Splunk AI Assistant for SPL explains what any SPL search is doing in plain English, along with a detailed breakdown of the search. \nOn the Tell me about tab, Splunk AI Assistant for SPL answers questions about Splunk documentation and any Splunk platform term or product.\n\n(c) Splunk 2024. All rights reserved.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/94e5d9d8-a61d-11ef-8b45-5e3507a9ce1b.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":2,"average":5},"support":"splunk","title":"Splunk AI Assistant for SPL (Cloud Version)","app_type":"app"},{"id":3549,"by":"Splunk LLC","description":"*** Important: Read upgrade instructions and test your add-on update before deploying to production ***\nVersion 2.0.0 of the Splunk Add-on for Salesforce introduces breaking changes. To avoid data loss or data duplication, follow the documented upgrade instructions in detail. If you are upgrading an earlier version of the Splunk Add-on for Salesforce, a best practice is to test your update in a non-production environment before deploying to production.\n\nThe Splunk Add-on for Salesforce allows a Splunk software administrator to collect different types of data from Salesforce using REST APIs. The data includes:\n\n* Event log file data, https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/using_resources_event_log_files.htm.\n* Output of Salesforce object queries (SOQL). 
\n\nThis add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security, the Splunk App for PCI Compliance, and Splunk IT Service Intelligence.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/160dc000-a65c-11ef-96e6-9215900b3b58.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":9,"average":3},"support":"splunk","title":"Splunk Add-on for Salesforce","app_type":"addon"},{"id":1915,"by":"Splunk LLC","description":"The Splunk Add-on for Cisco ISE allows a Splunk software administrator to collect Cisco Identity Service Engine (ISE) syslog data. You can use the Splunk platform to analyze these logs directly or use them as a contextual data source to correlate with other communication and authentication data in the Splunk platform. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/a46f5f64-a807-11ef-85f7-d2f7536f5b7c.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":6,"average":4},"support":"splunk","title":"Splunk Add-on for Cisco Identity Services","app_type":"addon"},{"id":2954,"by":"Splunk LLC","description":"The Splunk Add-on for JBoss allows a Splunk software administrator to collect JBoss file system logs from a local JBoss server and performance metrics from MBean attributes and operations from local and remote JBoss servers. 
This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/60efe4dc-a688-11ef-8b45-5e3507a9ce1b.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":2,"average":5},"support":"splunk","title":"Splunk Add-on for JBoss","app_type":"addon"},{"id":5798,"by":"Splunk LLC","description":"This app supports email ingestion and various investigative actions over IMAP","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/5c3ace56-a7a6-11ef-a983-0a9ad16b3e53.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"IMAP","app_type":"connector"},{"id":5688,"by":"Splunk LLC","description":"The Splunk App for Chargeback aids customers in understanding Splunk Virtual Compute (SVC) usage categorized by business units and departments, utilizing the identical SVC usage data available in the Cloud Monitoring Console (CMC) App within the customer's stack.\n\nTo access bonus videos from conf23, click on the \"Details\" tab.\n\nIMPORTANT NOTES:\n1. The document is now integrated into the app, accessible from the home dashboard.\n2. For an optimal experience, consider installing the app independently. Search for \"chargeback\" among available apps, then click \"Install\" next to the Splunk App for Chargeback. Refer to the document on the home page for guidance.\n3. If you're comfortable reviewing a slightly older document, visit this site: https://docs.splunk.com/Documentation/ChargebackApp/current/Use/Overview\n\nDescription\nSplunk App for Chargeback provides an easy-to-use experience to analyze how internal business units are leveraging Splunk. The App provides the framework necessary for Chargeback and/or Showback use cases for:\n1. Splunk Virtual Compute (SVC)\n2. Dynamic Data: Active Searchable (DDAS)\n3. 
Dynamic Data: Active Archive (DDAA)\n4. Dynamic Data: Self-Storage (DDSS)\n5. SmartStore\n\nThe app provides the following functionality to all Splunk customers:\n- Framework for customers to build their own Chargeback and/or Showback models\n- Means to determine how many SVCs are allocated to various business units, departments, and users in those departments [Accounting].\n- Means to automatically determine how Splunk Cloud stack resources are being used by the various business units [Utilization].\n- Ability to drill-down and break down the usage starting at the highest level in the business all the way down to the user level\n- Ability to forecast SVC usage for the entire organization and by business unit using Splunk Machine Learning\n- Accurately maintained up-to-date list of identities along with corresponding Business Unit \u0026 Department information by way of indexing the data from a source like DB Connect or Active Directory\n\nODS Support\nYou can open an ODS request under task Install/Configure App or TA/Add-On in the support portal (https://www.splunk.com/pdfs/professional-services/splunk-ondemand-services-portal.pdf). Select after choosing Pick your Product = Splunk Core - Enterprise/Splunk Cloud. Enter under the subject/description that you need help configuring the Splunk App for Chargeback specifically. 
\n\nFeedback is always welcome and appreciated.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/d432268a-a697-11ef-94dd-b6deb6033f67.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":9,"average":4},"support":"splunk","title":"Splunk App for Chargeback","app_type":"app"},{"id":5850,"by":"Splunk LLC","description":"This app supports executing various endpoint-based investigative and containment actions on an SSH endpoint","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/ad9bbdfc-a696-11ef-9eaf-aafe6569745b.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":1,"average":5},"support":"splunk","title":"SSH","app_type":"connector"},{"id":5900,"by":"Splunk LLC","description":"This app integrates with Google People to support various generic and investigative actions","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/f1e3a24a-a605-11ef-bd6f-d6c0cf984f57.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"Google People","app_type":"connector"},{"id":5945,"by":"Splunk LLC","description":"This app implements investigative actions using RDAP","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/0aea5ea4-a602-11ef-96e6-9215900b3b58.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"WHOIS RDAP","app_type":"connector"},{"id":2647,"by":"Splunk LLC","description":"The Splunk Add-on for Java Management Extensions (JMX) allows a Splunk software administrator to poll local or remote JMX Management Servers running in Java Virtual Machines and index MBean attributes, outputs from MBean operations, and MBean notifications. 
This add-on provides modular inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security, the Splunk App for PCI Compliance, and Splunk IT Service Intelligence.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/af63f8d8-a11a-11ef-b191-5697c7a1eb53.png","is_archived":false,"product_types":["enterprise","itsi","cloud"],"rating":{"count":7,"average":3},"support":"splunk","title":"Splunk Add-on for Java Management Extensions","app_type":"addon"},{"id":5829,"by":"Splunk LLC","description":"This app ingests emails from a mailbox in addition to supporting various investigative and containment actions on an Office 365 service","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/7eb7ec62-a476-11ef-bd39-1ed0134224bb.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"EWS for Office 365","app_type":"connector"},{"id":5815,"by":"Splunk LLC","description":"This app integrates with Microsoft OneDrive to execute various generic actions","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/c90f0b84-a330-11ef-9c00-0ebbcffcb3b7.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"Microsoft OneDrive","app_type":"connector"},{"id":7505,"by":"Splunk LLC","description":"Splunk App for Palo Alto Networks leverages the data visibility provided by the Palo Alto Networks security platform with Splunk's extensive investigation and visualization capabilities to deliver advanced security reporting and analysis. This app enables security analysts, administrators, and architects to correlate application and user activities across all network and security infrastructures from a real-time and historical perspective. 
Complicated incident analysis that previously consumed days of manual and error-prone data mining can now be automated, saving not only manpower but also enabling key enterprise security resources to focus on critical, time-sensitive investigations.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/78f6dc0e-9e25-11ef-895f-7e8117c96b32.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"Splunk App for Palo Alto Networks","app_type":"app"},{"id":3449,"by":"Splunk LLC","description":"The Splunk ES Content Update (ESCU) app delivers pre-packaged Security Content. ESCU provides regular Security Content updates to help security practitioners address ongoing time-sensitive threats, attack methods, and other security issues.\n\nSecurity Content consists of tactics, techniques, and methodologies that help with detection, investigation, and response. Security Content enables security teams to directly operationalize detection searches, investigative searches, and other supporting details. ESCU can generate Notable/Risk Events in Splunk Enterprise Security. Security Content also contains easy-to-read background information and guidance, for key context on motivations and risks associated with attack techniques, as well as pragmatic advice on how to combat those techniques.\n\nThe analytic stories and their searches are also available at - https://github.com/splunk/security_content.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/5d34bbf4-a216-11ef-aae7-7278c375fca5.png","is_archived":false,"product_types":["enterprise","es","cloud"],"rating":{"count":24,"average":5},"support":"splunk","title":"Splunk ES Content Update","app_type":"addon"},{"id":742,"by":"Splunk LLC","description":"*** Important: Read upgrade instructions and test add-on update before deploying to production ***\nThe Splunk Add-on for Windows 5.0.0 introduced breaking changes. 
If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the documented upgrade instructions to avoid data loss. A best practice is to test the upgraded version in a non-production environment before deploying to production.\n\nNeither the Splunk Add-on for Windows DNS version 1.0.1 nor the Splunk Add-on for Windows Active Directory version 1.0.0 is supported when installed alongside the Splunk Add-on for Windows version 6.0.0. The Splunk Add-on for Windows version 6.0.0 includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.\n\nThe Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/e8543eb6-a172-11ef-8a33-36a81105bd3e.png","is_archived":false,"product_types":["enterprise","itsi","cloud"],"rating":{"count":45,"average":4},"support":"splunk","title":"Splunk Add-on for Microsoft Windows","app_type":"addon"},{"id":5580,"by":"Splunk LLC","description":"The Splunk Add-on for Cisco Meraki lets you monitor network and security events in your environment. 
The Splunk Add-on for Cisco Meraki can collect the following data via the Cisco Meraki REST APIs: Configuration changes Organization security events Events from devices (such as access points, cameras, switches and security appliances)\n\nThe Splunk Add-on for Cisco Meraki provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/4b5bc580-a180-11ef-b191-5697c7a1eb53.png","is_archived":false,"product_types":["cloud","enterprise"],"rating":{"count":2,"average":5},"support":"splunk","title":"Splunk Add-on for Cisco Meraki","app_type":"addon"}],"popularSOARApps":[{"id":5814,"by":"Splunk LLC","description":"This app supports investigative actions against a Microsoft Azure SQL Server","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/a1df2afc-818a-11ef-a963-56625c9f2173.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":1,"average":0},"support":"splunk","title":"Microsoft Azure SQL","app_type":"connector"},{"id":5834,"by":"Splunk LLC","description":"This App exposes various Phantom APIs as actions","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/bb2186b0-7a8a-11ef-a8bb-9a8e30bd4d7c.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"Phantom","app_type":"connector"},{"id":5865,"by":"Splunk LLC","description":"This app integrates with the VirusTotal cloud to implement investigative and reputation actions using v3 APIs","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/80e3feaa-4b2e-11ef-bff3-06faa8466ec0.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"VirusTotal v3","app_type":"connector"},{"id":5806,"by":"Splunk LLC","description":"This app integrates with JIRA to perform several ticket 
management actions","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/cd71b052-cf3f-11ee-88fc-92a20166b7c1.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"Jira","app_type":"connector"},{"id":5925,"by":"Splunk LLC","description":"This app implements URL investigative capabilities utilizing PhishTank","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/f191587c-74ca-11ee-92b3-6e3c758e154e.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"PhishTank","app_type":"connector"},{"id":5788,"by":"Splunk LLC","description":"This app performs email ingestion, investigative and containment actions on an on-premise Exchange installation","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/aca222c0-80de-11ef-a95f-0693e4457c45.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":2,"average":5},"support":"splunk","title":"Microsoft Exchange On-Premise EWS","app_type":"connector"},{"id":5847,"by":"Splunk LLC","description":"This app provides the ability to send email using SMTP","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/b89be33e-800e-11ef-ad05-e2ecefd201e1.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"SMTP","app_type":"connector"},{"id":5848,"by":"Splunk LLC","description":"This app integrates with Splunk to update data on the device, in addition to investigate and ingestion actions","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/ec2cfc2e-8b12-11ef-98f7-a62ab2ee83aa.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":2,"average":5},"support":"splunk","title":"Splunk","app_type":"connector"},{"id":5933,"by":"Splunk LLC","description":"This app integrates with the Screenshot Machine 
service","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/2147b30a-299c-11ef-94f2-ce857fec5ae2.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"Screenshot Machine","app_type":"connector"},{"id":5932,"by":"Splunk LLC","description":"This app integrates with ServiceNow to perform investigative and generic actions","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/efd254f8-3489-11ef-8cde-f6e2728765f9.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":1,"average":5},"support":"splunk","title":"ServiceNow","app_type":"connector"},{"id":5872,"by":"Splunk LLC","description":"This app implements containment and investigative actions on Zscaler","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/78e5d570-8d8c-11ef-a090-d628a99ce4ff.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"Zscaler","app_type":"connector"},{"id":5846,"by":"Splunk LLC","description":"Integrate with Slack to post messages and attachments to channels","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/6a8b5eba-1064-11ee-a4d9-d2090b54eb6a.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":2,"average":3},"support":"splunk","title":"Slack","app_type":"connector"},{"id":5829,"by":"Splunk LLC","description":"This app ingests emails from a mailbox in addition to supporting various investigative and containment actions on an Office 365 service","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/7eb7ec62-a476-11ef-bd39-1ed0134224bb.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"EWS for Office 365","app_type":"connector"},{"id":5875,"by":"Splunk LLC","description":"This app integrates with the Windows Remote Management service to execute various 
actions","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/dd961bd6-7f38-11ef-862f-b2e8ed0cd5cd.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":1,"average":5},"support":"splunk","title":"Windows Remote Management","app_type":"connector"},{"id":5798,"by":"Splunk LLC","description":"This app supports email ingestion and various investigative actions over IMAP","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/5c3ace56-a7a6-11ef-a983-0a9ad16b3e53.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":0,"average":0},"support":"splunk","title":"IMAP","app_type":"connector"},{"id":5858,"by":"Splunk LLC","description":"This App integrates with TruSTAR to provide various hunting and reporting actions","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/54780650-9368-11ee-8df5-2a9077bedc0e.svg","is_archived":false,"product_types":["soar","soar_cloud"],"rating":{"count":5,"average":3},"support":"splunk","title":"TruSTAR","app_type":"connector"}],"popularCloudApps":[{"id":1876,"by":"Splunk LLC","description":"The Splunk Add-on for AWS, from version 7.0.0 and above, includes a merge of all the capabilities of the Splunk Add-on for Amazon Security Lake. This allows you to configure the Splunk Add-on for AWS to ingest data across all AWS data sources, facilitating the integration of AWS data into your Splunk platform deployment.\n\nIf you use both the Splunk Add-on for Amazon Security Lake as well as the Splunk Add-on for AWS on the same Splunk instance, then you must uninstall the Splunk Add-on for Amazon Security Lake before upgrading the Splunk Add-on for AWS to version 7.0.0 or later in order to avoid any data duplication and discrepancy issues.\n__________________________________________________________________________________________________________\n\nIngesting data from AWS to Splunk Cloud? Have you tried the new Splunk Data Manager yet? 
Data Manager makes AWS data ingestion simpler, more automated and centrally managed for you, while co-existing with AWS and/or Kinesis TAs. Read our blog post to learn more about Data Manager and it’s availability on your Splunk Cloud instance: https://splk.it/3e9F863\n__________________________________________________________________________________________________________\n\nThe Splunk Add-on for Amazon Web Services allows a Splunk software administrator to collect:\n* Configuration snapshots, configuration changes, and historical configuration data from the AWS Config service.\n* Metadata for your AWS EC2 instances, reserved instances, and EBS snapshots.\n* Compliance details, compliance summary, and evaluation status of your AWS Config Rules.\n* Assessment Runs and Findings data from the Amazon Inspector service.\n* Management and change events from the AWS CloudTrail service.\n* VPC flow logs and other logs from the CloudWatch Logs service.\n* Performance and billing metrics from the AWS CloudWatch service.\n* Billing reports that you have configured in AWS.\n* S3, CloudFront, and ELB access logs.\n* Generic data from your S3 buckets.\n* Generic data from your Kinesis streams.\n* Generic data from SQS.\n* Security events from Amazon Security Lake\n\nThis add-on provides modular inputs and CIM-compatible knowledge to use with other apps, such as the Splunk App for AWS, Splunk Enterprise Security and Splunk IT Service Intelligence.\n\nVersions 5.0.0 and later of the Splunk Add-on for AWS is compatible only with Splunk Enterprise version 8.0.0 and above.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/9ecc5404-8471-11ef-bbff-26c7bab74435.png","is_archived":false,"product_types":["enterprise","itsi","cloud"],"rating":{"count":30,"average":4},"support":"splunk","title":"Splunk Add-on for Amazon Web Services (AWS)","app_type":"addon"},{"id":742,"by":"Splunk LLC","description":"*** Important: Read upgrade instructions and test add-on update before 
deploying to production ***\nThe Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the documented upgrade instructions to avoid data loss. A best practice is to test the upgraded version in a non-production environment before deploying to production.\n\nNeither the Splunk Add-on for Windows DNS version 1.0.1 nor the Splunk Add-on for Windows Active Directory version 1.0.0 is supported when installed alongside the Splunk Add-on for Windows version 6.0.0. The Splunk Add-on for Windows version 6.0.0 includes the Splunk Add-on for Windows DNS and the Splunk Add-on for Microsoft Active Directory.\n\nThe Splunk for Microsoft Windows add-on includes predefined inputs to collect data from Windows systems and maps to normalize the data to the Common Information Model.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/e8543eb6-a172-11ef-8a33-36a81105bd3e.png","is_archived":false,"product_types":["enterprise","itsi","cloud"],"rating":{"count":45,"average":4},"support":"splunk","title":"Splunk Add-on for Microsoft Windows","app_type":"addon"},{"id":3088,"by":"Splunk LLC","description":"The Splunk Add-on for Google Cloud Platform allows a Splunk software administrator to collect google cloud platform events, logs, performance metrics and billing data using Google Cloud Platform API. \nAfter the Splunk platform indexes the events, you can analyze the data using the prebuilt panels included with the add-on. 
You can then directly analyze the data or use it as a contextual data feed to correlate with other Google Cloud-related data in the Splunk platform.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/c02bb214-7d70-11ef-a020-328fe7bc9496.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":10,"average":4},"support":"splunk","title":"Splunk Add-on for Google Cloud Platform","app_type":"addon"},{"id":833,"by":"Splunk LLC","description":"*** Important: Read upgrade Instructions and test add-on update before deploying to production ***\nThere are changes to default indexes and .conf changes in version 6.0 of Splunk Add-on for Unix and Linux that can break an existing installation if upgrade instructions are not followed in detail. If an existing Splunk Add-on for Unix and Linux is being upgraded, please test in a non-production environment first.\n\n\nThe Splunk Add-on for Unix and Linux works with the Splunk App for Unix and Linux to provide rapid insights and operational visibility into large-scale Unix and Linux environments. With its new pre-packaged alerting capability, flexible service-based hosts grouping, and easy management of many data sources, it arms administrators with a powerful ability to quickly identify performance and capacity bottlenecks and outliers in Unix and Linux environments.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/c5b329a0-3de8-11ef-8e04-52751697b8c7.png","is_archived":false,"product_types":["enterprise","itsi","cloud"],"rating":{"count":54,"average":3},"support":"splunk","title":"Splunk Add-on for Unix and Linux","app_type":"addon"},{"id":1603,"by":"Splunk LLC","description":"The Splunk Dashboard app v8.2.6 will reach end of support on Dec 19, 2024. No new versions of the app will be released. Simple XML examples are available in SimpleXML reference guide documentation and the Dashboards \u0026 Visualizations forum on Splunk Community. 
Check out this Splunk Lantern article to learn more: https://lantern.splunk.com/@go/page/7411\n-----\nThe Splunk Dashboard app delivers examples that give you a hands-on way to learn the basic concepts and tools needed to rapidly create rich dashboards using Simple XML. This new app incorporates learn-by-doing Simple XML examples, including extensions to Simple XML for further customization of layout, interactivity, and visualizations.\n\nWith the app you will learn basic Simple XML concepts and how to incorporate the built-in components. All the included examples deliver a recipe for implementing dashboard elements, beginning with the most basic and progressing to more advanced elements. Each example in the app includes an actual runtime visualization followed by a description and supporting source code.\n\n(c) 2016-2020 Splunk Inc. All Rights Reserved.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/8989c616-7fd8-11ed-8c6e-d6a48ae8285c.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":71,"average":5},"support":"splunk","title":"Splunk Dashboard Examples","app_type":"app"},{"id":2890,"by":"Splunk LLC","description":"The Splunk Machine Learning Toolkit delivers new SPL commands, custom visualizations, assistants, and examples to explore a variety of ML concepts.\n\nEach assistant includes end-to-end examples with datasets, plus the ability to apply the visualizations and SPL commands to your own data. You can inspect the assistant panels and underlying code to see how it all works.\nMLTK Quick Reference Guide: https://docs.splunk.com/images/3/3f/Splunk-MLTK-QuickRefGuide-2019-web.pdf\n\nAssistants:\n* Predict Numeric Fields (Linear Regression): e.g. predict median house values.\n* Predict Categorical Fields (Logistic Regression): e.g. predict customer churn.\n* Detect Numeric Outliers (distribution statistics): e.g. detect outliers in IT Ops data.\n* Detect Categorical Outliers (probabilistic measures): e.g. 
detect outliers in diabetes patient records.\n* Forecast Time Series: e.g. forecast data center growth and capacity planning.\n* Cluster Numeric Events: e.g. cluster business anomalies to reduce noise.\n\nSmart Assistants (new assistants with revamped UI and better ml pipeline/experiment management):\n* Smart Forecasting Assistant:: e.g. forecasting app logons with special days.\n* Smart Outlier Detection Assistant: e.g. find anomalies in supermarket purchases.\n* Smart Clustering Assistant: e.g. cluster houses by property descriptions.\n* Smart Prediction Assistant: e.g. predict vulnerabilities in firewall data. \n\nAvailable on both on-premises and cloud.\n(c) Splunk 2024. All rights reserved.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/687cb868-95c8-11ef-93be-2aa36ef6c091.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":38,"average":5},"support":"splunk","title":"Splunk Machine Learning Toolkit","app_type":"app"},{"id":1621,"by":"Splunk LLC","description":"The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/67a24634-a7ce-11ef-94dd-b6deb6033f67.png","is_archived":false,"product_types":["cloud","enterprise"],"rating":{"count":21,"average":5},"support":"splunk","title":"Splunk Common Information Model (CIM)","app_type":"addon"},{"id":1924,"by":"Splunk LLC","description":"The Splunk Event Generator (Eventgen) is a utility which allows its users to easily build real-time event generators.\n\nEventgen allows an app developer to get events into Splunk to test their applications. 
It provides a somewhat ridiculous amount of configurability to allow users to simulate real data.\n\nTo join the development community, please go to https://github.com/splunk/eventgen.\nFor documentation, please go to the Eventgen Documentation(http://splunk.github.io/eventgen/).","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/53e6a222-f960-11eb-97a2-3a6fb3f26e50.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":25,"average":4},"support":"splunk","title":"Eventgen","app_type":"app"},{"id":3110,"by":"Splunk LLC","description":"The Splunk Add-on for Microsoft Cloud Services allows a Splunk software administrator to pull activity logs, service status, operational messages, Azure audit, Azure resource data and Azure Storage Table and Blob data from a variety of Microsoft cloud services using Event Hubs, Azure Service Management APIs and Azure Storage API.\n\nThis add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance and Splunk IT Service Intelligence.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/10823efa-8d7e-11ef-af73-f2bce97891f3.png","is_archived":false,"product_types":["cloud","enterprise"],"rating":{"count":35,"average":3},"support":"splunk","title":"Splunk Add-on for Microsoft Cloud Services","app_type":"addon"},{"id":2686,"by":"Splunk LLC","description":"Splunk DB Connect is a generic SQL database extension for Splunk that enables easy integration of database information with Splunk queries and reports. Splunk DB Connect supports DB2/Linux, Informix, MemSQL, MySQL, AWS Aurora, Microsoft SQL Server, Oracle, PostgreSQL, AWS RedShift, SAP SQL Anywhere, Sybase ASE, Sybase IQ, Teradata, InfluxDB and MongoDB Atlas \u0026 Standalone.\n\nUse Splunk DB Connect's Inputs to import structured data for powerful indexing, analysis, and visualization. 
Use Outputs to export machine data insights to a legacy database to increase your organization's insight. Use Lookups to add meaningful information to your event data by referencing fields in an external database. Use query commands to build live dashboards mixing structured and unstructured data.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/9969b3f0-7a83-11ef-8bf5-76e3708f4d86.png","is_archived":false,"product_types":["enterprise","itsi","cloud"],"rating":{"count":134,"average":3},"support":"splunk","title":"Splunk DB Connect","app_type":"addon"},{"id":3435,"by":"Splunk LLC","description":"Get started with Splunk for Security with Splunk Security Essentials (SSE). Explore security use cases and discover security content to start addressing threats and challenges. \n\nSecurity Content Library\nFind security content for Splunk Cloud and Splunk's SIEM and SOAR offerings and deploy out-of-the-box security detections and analytic stories to enhance your investigations and improve your security posture. \n\nCybersecurity Frameworks\nIdentify gaps in your defenses and take control of your security posture with automatic mapping of data and security detections to MITRE ATT\u0026CK® and Cyber Kill Chain® framework.\n\nData and Content Introspection\nGain visibility of the data coming into your environment to add context and telemetry to security events. Enrich your security detections with metadata and tags from the Security Content Library.\n\nSecurity Data Journey\nGet prescriptive security and data recommendations and establish a data strategy to develop a security maturity roadmap. \n\nWe have changed the security content delivery endpoint for ESCU to comply with Splunk guidance. This means that if you have SSE version 3.7.1 or lower, the last supported ESCU version is ESCU 4.22.0. 
In order to get the latest ESCU version, you will need to upgrade SSE to version 3.8.0.\n\nLearn more:\nDownload the Product Brief : https://www.splunk.com/pdfs/product-briefs/splunk-security-essentials.pdf\nTry out Splunk Security Essentials: https://www.splunk.com/en_us/form/splunk-security-essentials-online-demo.html\nCheck out the Documentation site: https://docs.splunk.com/Documentation/SSE","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/d5448e0c-e863-11ee-b82c-3ae09d0cd103.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":56,"average":4},"support":"splunk","title":"Splunk Security Essentials","app_type":"app"},{"id":1724,"by":"Splunk LLC","description":"Ever want to edit a lookup within Splunk with a user interface? Now you can. This app provides an Excel-like interface for editing, importing, and exporting lookup files (KV store and CSV-based).\n\nThis app also makes your lookups work in Search Head Clustered environments (edits to lookups will be propagated to other search heads).\n\nRevision history is maintained for lookups so that you can view or restore older lookups quickly in the interface.\n\nCheck out the Documentation site: \nhttps://docs.splunk.com/Documentation/LookupEditor\n\nhttps://docs.splunk.com/Documentation/LookupEditor/4.0.4/User/Whatsnew","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/3c6fdcba-37c1-11ef-ae33-7ad33457a85a.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":91,"average":5},"support":"splunk","title":"Splunk App for Lookup File Editing","app_type":"app"},{"id":1151,"by":"Splunk LLC","description":"This app (also known as SA-ldapsearch) provides support functions to the Content Pack for Windows Dashboards and Reports (https://docs.splunk.com/Documentation/CPWindowsDash/latest/CP/About), Content Pack for Microsoft Exchange (https://docs.splunk.com/Documentation/CPExchange/latest/CP/About) that enable you to extract information 
from an Active Directory database. For instance, you can search Active Directory for records, presenting the records as events, or augment existing events with information from Active Directory based on information within the events.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/b0734732-45c7-11ef-a1c2-eae6a64917ff.png","is_archived":false,"product_types":["cloud","enterprise"],"rating":{"count":44,"average":3},"support":"splunk","title":"Splunk Supporting Add-on for Active Directory","app_type":"addon"},{"id":2757,"by":"Palo Alto Networks","description":"The Palo Alto Networks Add-on for Splunk has been deprecated and will soon be archived. View Details page for more information.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/bbfe217a-1a26-11ef-8270-5680cbc1678a.png","is_archived":false,"product_types":["enterprise"],"rating":{"count":21,"average":4},"support":"not_supported","title":"Palo Alto Networks Add-on for Splunk","app_type":"addon"},{"id":3112,"by":"Splunk LLC","description":"[NEW] The Sankey Custom Visualization app v1.6.0 will reach end of support on Dec 21, 2024. No new versions of the app will be released. Check out this Splunk Lantern article to learn more: https://lantern.splunk.com/@go/page/7824\n\nCustom Visualizations give you new interactive ways to visualize your data during search and investigation, and to better communicate results in dashboards and reports. After installing this app you’ll find a Sankey diagram as an additional item in the visualization picker in Search and Dashboard.\n\nSankey diagrams show metric flows and category relationships. You can use a Sankey diagram to visualize relationship density and trends.\n\nA Sankey diagram shows category nodes on vertical axes. Fluid lines show links between source and target categories. Link width indicates relationship strength between a source and target.\n\n\n(c) 2016-2020 Splunk Inc. 
All Rights Reserved.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/5b11e31c-da03-11eb-803f-02860ecfd319.png","is_archived":false,"product_types":["enterprise","cloud"],"rating":{"count":10,"average":5},"support":"splunk","title":"Splunk Sankey Diagram - Custom Visualization","app_type":"app"},{"id":3449,"by":"Splunk LLC","description":"The Splunk ES Content Update (ESCU) app delivers pre-packaged Security Content. ESCU provides regular Security Content updates to help security practitioners address ongoing time-sensitive threats, attack methods, and other security issues.\n\nSecurity Content consists of tactics, techniques, and methodologies that help with detection, investigation, and response. Security Content enables security teams to directly operationalize detection searches, investigative searches, and other supporting details. ESCU can generate Notable/Risk Events in Splunk Enterprise Security. Security Content also contains easy-to-read background information and guidance, for key context on motivations and risks associated with attack techniques, as well as pragmatic advice on how to combat those techniques.\n\nThe analytic stories and their searches are also available at - https://github.com/splunk/security_content.","icon_url":"https://cdn.splunkbase.splunk.com/media/public/icons/5d34bbf4-a216-11ef-aae7-7278c375fca5.png","is_archived":false,"product_types":["enterprise","es","cloud"],"rating":{"count":24,"average":5},"support":"splunk","title":"Splunk ES Content 
Update","app_type":"addon"}]},"__N_SSG":true},"page":"/","query":{},"buildId":"DIQkgqsiXVEQ-b6OD8rd6","assetPrefix":"https://cdn.splunkbase.splunk.com","isFallback":false,"isExperimentalCompile":false,"gsp":true,"scriptLoader":[{"src":"https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js","strategy":"afterInteractive"},{"src":"https://cdn.cookielaw.org/scripttemplates/otSDKStub.js","type":"text/javascript","charSet":"UTF-8","data-domain-script":"9ff638b7-8097-449d-9741-7b3c526b0da7","strategy":"afterInteractive"},{"id":"cookie_snippet","type":"text/javascript","strategy":"afterInteractive","children":"\n function OptanonWrapper() { }\n "},{"id":"gtm_script","strategy":"afterInteractive","children":"\n (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':\n new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],\n j=d.createElement(s),dl=l!='dataLayer'?'\u0026l='+l:'';j.async=true;j.src=\n 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);\n })(window,document,'script','dataLayer','GTM-TPV7TP');\n "}]}</script></body></html>