Splunk

Splunk is a leading SIEM platform that aggregates, indexes, and analyzes machine data from across the enterprise, enabling real-time threat detection, security analytics, and incident investigation through powerful search and correlation capabilities
Category: SIEM & Analytics
Homepage: https://www.splunk.com
Tags: siem, log-analysis, security-analytics, threat-detection, correlation
Subscription Information
- Registration Required: No
- Subscription Required: No
- Free Subscription Available: Yes
Analyzers (11)
Splunk_Search_Other v3.0
Execute a savedsearch on a Splunk instance with an observable of an unidentified data type as argument
- Author: Unit777, LetMeR00t
- License: AGPL-V3
- Data Types: other
- Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_other.json
Splunk_Search_Registry v3.0
Execute a savedsearch on a Splunk instance with a registry data as argument
- Author: Unit777, LetMeR00t
- License: AGPL-V3
- Data Types: registry
- Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_registry.json
Splunk_Search_Mail_Subject v3.0
Execute a savedsearch on a Splunk instance with a mail subject as argument
- Author: Unit777, LetMeR00t
- License: AGPL-V3
- Data Types: mail_subject, mail-subject
- Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_mail_subject.json
Splunk_Search_File_Filename v3.0
Execute a savedsearch on a Splunk instance with a file/filename as argument
- Author: Unit777, LetMeR00t
- License: AGPL-V3
- Data Types: file, filename
- Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_file_filename.json
Splunk_Search_User_Agent v3.0
Execute a savedsearch on a Splunk instance with a user agent as argument
- Author: Unit777, LetMeR00t
- License: AGPL-V3
- Data Types: user-agent
- Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_user_agent.json
Splunk_Search_Mail_Email v3.0
Execute a savedsearch on a Splunk instance with a mail/email as argument
- Author: Unit777, LetMeR00t
- License: AGPL-V3
- Data Types: mail, email
- Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_mail_email.json
Splunk_Search_IP v3.0
Execute a savedsearch on a Splunk instance with an IP as argument
- Author: Unit777, LetMeR00t
- License: AGPL-V3
- Data Types: ip
- Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_ip.json
Splunk_Search_Hash v3.0
Execute a savedsearch on a Splunk instance with a hash as argument
- Author: Unit777, LetMeR00t
- License: AGPL-V3
- Data Types: hash
- Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_hash.json
Splunk_Search_Domain_FQDN v3.0
Execute a savedsearch on a Splunk instance with a domain or a FQDN as argument
- Author: Unit777, LetMeR00t
- License: AGPL-V3
- Data Types: domain, fqdn
- Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_domain_fqdn.json
Splunk_Search_User v3.0
Execute a savedsearch on a Splunk instance with a user ID as argument
- Author: LetMeR00t
- License: AGPL-V3
- Data Types: other
- Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_user.json
Splunk_Search_URL_URI_Path v3.0
Execute a savedsearch on a Splunk instance with a URL or a URI path as argument
- Author: Unit777, LetMeR00t
- License: AGPL-V3
- Data Types: url, uri_path
- Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_url_uri_path.json
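All eleven analyzers above do the same two things: dispatch a saved search with the observable as an argument, then render the job's rows as a Cortex report. The block below is an added example written for this page, not the analyzers' own code. It assumes a saved search that references the observable through a token (for example `index=firewall dest=$ip$`) which Splunk binds from the `args.<token>` form fields of the saved/searches/{name}/dispatch endpoint, assumed token names per Cortex data type, CIM-style field names (src, dest, user, url, file_hash) for pulling related observables out of the rows, and a constructed result set in place of a live Splunk instance.

```javascript
// Added example, not the Splunk_Search_* analyzers' own code. It shows the
// two halves of such an analyzer: handing the observable to a Splunk saved
// search as a dispatch argument, and turning the job's rows into a Cortex
// report. Assumed: the saved search refers to the observable through a
// token (for example `index=firewall dest=$ip$`), which Splunk binds from
// the `args.<token>` form fields of saved/searches/{name}/dispatch.

// Cortex data type -> saved-search token it feeds (assumed token names).
const ARG_NAME_BY_DATA_TYPE = {
  ip: "ip", hash: "hash", domain: "domain", fqdn: "fqdn",
  url: "url", uri_path: "uri_path", mail: "mail", email: "mail",
  "user-agent": "user_agent", file: "filename", filename: "filename",
  mail_subject: "mail_subject", "mail-subject": "mail_subject",
  registry: "registry", other: "other",
};

// UNSAFE, shown for contrast only: splicing the observable into SPL text
// lets a value such as `1.2.3.4 | delete` change what the search does.
function unsafeSearchString(template, value) {
  return template.replace("$ip$", value);
}

// Safe form: the observable travels as the form field args.<token>, never
// inside the search string, so SPL metacharacters in it are just data.
// Returns the request as a plain object; the caller performs the HTTP call.
function buildDispatchRequest(baseUrl, savedSearch, dataType, value, token) {
  const argName = ARG_NAME_BY_DATA_TYPE[dataType];
  if (!argName) throw new Error(`unsupported data type: ${dataType}`);
  if (typeof value !== "string" || value.length === 0 || value.length > 1024) {
    throw new Error("observable must be a non-empty string of at most 1024 chars");
  }
  const body = new URLSearchParams({
    [`args.${argName}`]: value,
    "dispatch.earliest_time": "-30d",
    "dispatch.latest_time": "now",
  });
  const url = `${baseUrl.replace(/\/+$/, "")}/services/saved/searches/` +
    `${encodeURIComponent(savedSearch)}/dispatch`;
  return {
    method: "POST",
    url,
    headers: {
      Authorization: `Bearer ${token}`,
      "Content-Type": "application/x-www-form-urlencoded",
    },
    body: body.toString(),
  };
}

// Rows come back from GET search/jobs/{sid}/results?output_mode=json as
// {"results": [...]}. Build the Cortex report: a taxonomy for the short
// summary, the rows under `full`, and related observables as artifacts.
// Field-to-type mapping for artifacts is assumed (CIM-style field names).
const ARTIFACT_FIELDS = { src: "ip", dest: "ip", user: "other", url: "url", file_hash: "hash" };

function buildCortexReport(dataType, value, jobResults) {
  const rows = Array.isArray(jobResults.results) ? jobResults.results : [];
  const level = rows.length === 0 ? "safe" : "suspicious";
  const seen = new Set();
  const artifacts = [];
  for (const row of rows) {
    for (const [field, type] of Object.entries(ARTIFACT_FIELDS)) {
      const data = row[field];
      if (!data || data === value) continue; // skip empties and the queried value itself
      const key = `${type}:${data}`;
      if (seen.has(key)) continue;
      seen.add(key);
      artifacts.push({ dataType: type, data });
    }
  }
  return {
    success: true,
    summary: {
      taxonomies: [{ level, namespace: "Splunk", predicate: dataType, value: `${rows.length} hit(s)` }],
    },
    full: { query: { dataType, value }, results: rows },
    artifacts,
  };
}

// Constructed sample of what the results endpoint might return.
const SAMPLE_JOB_RESULTS = {
  results: [
    { _time: "2024-05-01T10:00:00Z", src: "10.0.0.5", dest: "1.2.3.4", user: "alice", action: "allowed" },
    { _time: "2024-05-01T10:05:00Z", src: "10.0.0.7", dest: "1.2.3.4", user: "alice", action: "blocked" },
  ],
};

console.log(JSON.stringify(buildDispatchRequest("https://splunk.example:8089/", "Cortex - IP", "ip", "1.2.3.4 | delete", "TOKEN"), null, 2));
console.log(JSON.stringify(buildCortexReport("ip", "1.2.3.4", SAMPLE_JOB_RESULTS), null, 2));
```

Two practitioner points follow from this shape. The observable comes straight from whatever an analyst submitted in TheHive, so it is bound as a dispatch argument and never concatenated into SPL; the data-type allow-list and length cap are the only filtering the value gets, and that is enough because the value cannot change the search. The token used for the dispatch call should belong to a Splunk role that can only run these saved searches and read their results, not a general search role, since Cortex keeps it in the analyzer configuration.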
Functions (1)
createAlertFromSplunk v1.0.0
This function creates a TheHive Alert based on an input coming from Splunk, and matches the Splunk fields to TheHive fields. In Splunk, you'll need to configure the webhook URL to point to the TheHive function URL
- Kind: function
- Mode: Enabled
- File: integrations/vendors/Splunk/thehive/functions/function_API_createAlertFromSplunk.js
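The function above turns a Splunk webhook call into a TheHive alert. The block below is an added example written for this page, not the createAlertFromSplunk function shipped in TheHive. It takes the JSON that Splunk's webhook alert action POSTs (sid, search_name, app, owner, results_link and result, the first result row) and builds a TheHive alert object; the result-row field names used to pick the severity and the observables (src_ip, dest_ip, user, domain, urgency and so on) are assumptions, and the payload at the end is constructed.

```javascript
// Added example, not the createAlertFromSplunk function shipped in TheHive.
// It maps the JSON that Splunk's webhook alert action POSTs (sid,
// search_name, app, owner, results_link and `result`, the first result row)
// onto a TheHive alert object. The result-row field names used to pick
// severity and observables are assumptions (CIM-style names).

// Result-row field -> TheHive observable dataType (assumed names).
const OBSERVABLE_FIELDS = {
  src: "ip", src_ip: "ip", dest: "ip", dest_ip: "ip",
  user: "other", src_user: "other",
  url: "url", domain: "domain", query: "domain",
  file_hash: "hash", file_name: "filename", http_user_agent: "user-agent",
  sender: "mail", recipient: "mail", subject: "mail_subject",
};

// TheHive severity is 1 (low) .. 4 (critical). Splunk ES urgency words and
// plain severity words map as below; anything else becomes medium.
const SEVERITY_BY_WORD = { informational: 1, low: 1, medium: 2, high: 3, critical: 4 };

function toSeverity(row) {
  const word = String(row.severity ?? row.urgency ?? "medium").toLowerCase();
  return SEVERITY_BY_WORD[word] ?? 2;
}

// Throws when the payload lacks `sid` or `search_name`: the sid becomes
// sourceRef, which is what lets TheHive treat a re-delivered Splunk alert
// as the same alert instead of creating a duplicate.
function createAlertFromSplunk(payload) {
  if (!payload || typeof payload !== "object") throw new Error("payload must be an object");
  const { sid, search_name: searchName, app, owner, results_link: resultsLink, result } = payload;
  if (typeof sid !== "string" || sid === "") throw new Error("missing sid");
  if (typeof searchName !== "string" || searchName === "") throw new Error("missing search_name");
  const row = result && typeof result === "object" ? result : {};

  const seen = new Set();
  const observables = [];
  for (const [field, dataType] of Object.entries(OBSERVABLE_FIELDS)) {
    const data = row[field];
    if (data === undefined || data === null || data === "") continue;
    const key = `${dataType}:${data}`;
    if (seen.has(key)) continue; // same value under two field names
    seen.add(key);
    observables.push({ dataType, data: String(data), tags: [`splunk:${field}`] });
  }

  const description = [
    `Splunk saved search "${searchName}" fired (app: ${app ?? "n/a"}, owner: ${owner ?? "n/a"}).`,
    resultsLink ? `Results: ${resultsLink}` : "",
    "",
    "First result row:",
    JSON.stringify(row, null, 2),
  ].join("\n");

  return {
    type: "splunk-alert",
    source: "splunk",
    sourceRef: sid,
    title: searchName,
    description,
    severity: toSeverity(row),
    tlp: 2,
    pap: 2,
    tags: ["splunk", ...(app ? [`splunk-app:${app}`] : [])],
    observables,
  };
}

// Constructed sample payload in the shape of Splunk's webhook alert action.
const SAMPLE_WEBHOOK = {
  sid: "scheduler__admin__search__RMD5abc123_at_1714557600_12",
  search_name: "Beaconing to rare domain",
  app: "search",
  owner: "admin",
  results_link: "https://splunk.example:8000/app/search/@go?sid=scheduler__admin__search__RMD5abc123_at_1714557600_12",
  result: {
    _time: "2024-05-01T10:00:00Z",
    src_ip: "10.0.0.5",
    dest_ip: "203.0.113.9",
    user: "alice",
    domain: "update-cdn.example",
    urgency: "high",
  },
};

console.log(JSON.stringify(createAlertFromSplunk(SAMPLE_WEBHOOK), null, 2));
```

The sid-as-sourceRef choice is the one to keep whatever mapping you use: Splunk retries webhook deliveries, and without a stable sourceRef each retry becomes a new alert. Everything arriving at the function URL is untrusted input, and Splunk's built-in webhook action sends only the JSON body with no credential of its own, so the function validates the fields it relies on and the URL should be reachable only from the search head rather than from the internet at large.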
External Integrations (2)
External integrations that connect Splunk with TheHive:
TheHive/Cortex Technical Add-on
Bidirectional integration add-on that pulls case and alert events from TheHive, retrieves Cortex job information, and enables creating alerts/cases and executing functions in TheHive directly from Splunk searches and dashboards
- Type: technical-addon
- Documentation: https://splunkbase.splunk.com/app/5329
TheHive SOAR Connector
Official Splunk SOAR connector with 16 actions for case management, task operations, observable handling, and TTP tracking to automate incident response workflows between Splunk and TheHive
- Type: soar-connector
- Documentation: https://splunkbase.splunk.com/app/5939
Statistics
- Total Analyzers: 11
- Total Responders: 0
- Total Functions: 1
- Total External Integrations: 2
- Total Integrations: 14
This file is auto-generated from the integration manifest. Do not edit manually.