| PAVO Vulnerabilities App For Splunk |
This app provides Splunk dashboards, forms, and reports which can be used to explore your vulnerability events, and make sense of what can often be a large volume of data. |
| PAVO Web Proxies App For Splunk |
In many organizations, web proxies separate users from the Web at large. User web activity can often be a good indicator of possible compromise, phishing attempts, abuse, and outdated software. This app provides Splunk dashboards, forms, and reports which can be used to explore your web proxy events, and make sense of what can often be a large volume of data. |
| PAVO Authentication App for Splunk |
Most sourcetypes contain authentication events of some sort. This app provides Splunk dashboards, forms, and reports which can be used to explore your authentication events across your different sourcetypes. |
| PAVO DNS App for Splunk |
Most sourcetypes contain DNS events of some sort. This app provides Splunk dashboards, forms, and reports which can be used to explore your DNS events across your different sourcetypes. |
| PAVO Endpoint App for Splunk |
Most sourcetypes contain endpoint events of some sort. This app provides Splunk dashboards, forms, and reports which can be used to explore your endpoint events across your different sourcetypes. |
| PAVO Getwatchlist Add-On |
Getwatchlist is a custom search command for Splunk which will return a CSV formatted list from a URL. This is useful for creating lookup tables and keeping them up to date from external or internal sources. These watchlists can contain virtually anything such as domain names, IP addresses, host names, email addresses, filenames, etc. and can then be used in searches against your events. These watchlists can be in any delimited format (tab, comma, space, etc.). |
| PAVO Intrusion App for Splunk |
This app provides Splunk dashboards, forms, and reports which can be used to explore your IDS events across your different sourcetypes. |
| PAVO Malware App for Splunk |
This app provides dashboards and reports based on events from anti-malware systems. |
| PAVO Network Traffic App for Splunk |
Very often, network traffic events can provide a lot of information about misconfigurations, potential attacks, and user activity. This app provides searches and dashboards based on the Splunk Common Information Model to help provide insight into your network traffic. |
| Custom Viz - Donut |
The donut chart is a variation of the standard pie chart. This chart will display results as a percentage of the whole. |
| Custom Viz – Scatterplot Matrix |
The scatterplot matrix visualization allows comparison between numeric sets of data, giving a rough idea if there is a linear correlation between multiple fields. The scatterplot matrix consists of Rows and Columns of individual Scatterplots that plot an X and a Y value. These values come from the fields sent from the search bar. |
| Google Workspace for Splunk |
This App pulls the data from your Google Workspace Domain using service credentials. Please read the instructions CAREFULLY, and promptly report issues to the author. |
| SPLReplay |
The SPL Replay Add-On allows the dispatch and execution of pre-set searches within a Splunk environment. This facilitates the ability to run production searches in a test or development environment. |
| TA-browscap |
This technology add-on provides a dynamic lookup to add fields to user agent (browser) data. |
| TA-user_agents |
This Add-on provides a dynamic lookup for parsing User Agent strings. This version was built to be faster, and does not require internet access from your Splunk systems. |
| Technology Add-on for Cisco Secure Access Control Server (ACS) |
This app provides CIM field extractions, eventtypes and tags for Cisco ACS events. |