Splunk

Splunk is a leading SIEM platform that aggregates, indexes, and analyzes machine data from across the enterprise, enabling real-time threat detection, security analytics, and incident investigation through powerful search and correlation capabilities

Category: SIEM & Analytics
Homepage: https://www.splunk.com
Tags: siem, log-analysis, security-analytics, threat-detection, correlation

Subscription Information

Registration Required: No
Subscription Required: No
Free Subscription Available: Yes

Analyzers (11)

Splunk_Search_Other `v3.0`

Execute a savedsearch on a Splunk instance with an unidentified data as argument

Author: Unit777, LetMeR00t
License: AGPL-V3
Data Types: other
Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_other.json (raw)

Splunk_Search_Registry `v3.0`

Execute a savedsearch on a Splunk instance with a registry data as argument

Author: Unit777, LetMeR00t
License: AGPL-V3
Data Types: registry
Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_registry.json (raw)

Splunk_Search_Mail_Subject `v3.0`

Execute a savedsearch on a Splunk instance with a mail subject as argument

Author: Unit777, LetMeR00t
License: AGPL-V3
Data Types: mail_subject, mail-subject
Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_mail_subject.json (raw)

Splunk_Search_File_Filename `v3.0`

Execute a savedsearch on a Splunk instance with a file/filename as argument

Author: Unit777, LetMeR00t
License: AGPL-V3
Data Types: file, filename
Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_file_filename.json (raw)

Splunk_Search_User_Agent `v3.0`

Execute a savedsearch on a Splunk instance with a user agent as argument

Author: Unit777, LetMeR00t
License: AGPL-V3
Data Types: user-agent
Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_user_agent.json (raw)

Splunk_Search_Mail_Email `v3.0`

Execute a savedsearch on a Splunk instance with a mail/email as argument

Author: Unit777, LetMeR00t
License: AGPL-V3
Data Types: mail, email
Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_mail_email.json (raw)

Splunk_Search_IP `v3.0`

Execute a savedsearch on a Splunk instance with an IP as argument

Author: Unit777, LetMeR00t
License: AGPL-V3
Data Types: ip
Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_ip.json (raw)

Splunk_Search_Hash `v3.0`

Execute a savedsearch on a Splunk instance with a hash as argument

Author: Unit777, LetMeR00t
License: AGPL-V3
Data Types: hash
Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_hash.json (raw)

Splunk_Search_Domain_FQDN `v3.0`

Execute a savedsearch on a Splunk instance with a domain or a FQDN as argument

Author: Unit777, LetMeR00t
License: AGPL-V3
Data Types: domain, fqdn
Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_domain_fqdn.json (raw)

Splunk_Search_User `v3.0`

Execute a savedsearch on a Splunk instance with a user ID as argument

Author: LetMeR00t
License: AGPL-V3
Data Types: other
Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_user.json (raw)

Splunk_Search_URL_URI_Path `v3.0`

Execute a savedsearch on a Splunk instance with an URL or a URI path as argument

Author: Unit777, LetMeR00t
License: AGPL-V3
Data Types: url, uri_path
Configuration: .upstream/cortex/analyzers/Splunk/Splunk_Search_url_uri_path.json (raw)

Functions (1)

createAlertFromSplunk `v1.0.0`

This function creates a TheHive Alert based on an input coming from Splunk, and matches the Splunk fields to TheHive fields. In Splunk, you'll need to configure the webhook URL to point to the TheHive function URL

Kind: function
Mode: Enabled
File: integrations/vendors/Splunk/thehive/functions/function_API_createAlertFromSplunk.js (raw)

External Integrations (2)

External integrations that connect Splunk with TheHive:

TheHive/Cortex Technical Add-on

Bidirectional integration add-on that pulls case and alert events from TheHive, retrieves Cortex job information, and enables creating alerts/cases and executing functions in TheHive directly from Splunk searches and dashboards

Type: technical-addon Documentation: https://splunkbase.splunk.com/app/5329

TheHive SOAR Connector

Official Splunk SOAR connector with 16 actions for case management, task operations, observable handling, and TTP tracking to automate incident response workflows between Splunk and TheHive

Type: soar-connector Documentation: https://splunkbase.splunk.com/app/5939

Statistics

Total Analyzers: 11
Total Responders: 0
Total Functions: 1
Total External Integrations: 2
Total Integrations: 14

This file is auto-generated from the integration manifest. Do not edit manually.

Splunk

Subscription Information​

Analyzers (11)​

Splunk_Search_Other v3.0​

Splunk_Search_Registry v3.0​

Splunk_Search_Mail_Subject v3.0​

Splunk_Search_File_Filename v3.0​

Splunk_Search_User_Agent v3.0​

Splunk_Search_Mail_Email v3.0​

Splunk_Search_IP v3.0​

Splunk_Search_Hash v3.0​

Splunk_Search_Domain_FQDN v3.0​

Splunk_Search_User v3.0​

Splunk_Search_URL_URI_Path v3.0​

Functions (1)​

createAlertFromSplunk v1.0.0​

External Integrations (2)​

TheHive/Cortex Technical Add-on​

TheHive SOAR Connector​

Statistics​