Aplura Splunk Apps

In addition to hundreds of non-public Splunk apps used by our clients, we also develop and maintain many Splunk apps freely available on Splunkbase. Here are a few highlights:

Public Apps for Commercial Clients

| App | Description | Certified |
| --- | --- | --- |
| Campus Compliance Toolkit for NIST 800-171 | This app is designed to assist organizations with reaching compliance with the NIST 800-171 standards. Where Splunk can be applied to these standards, dashboards have been created using the Common Information Model for normalizing event data. More information on Splunk Blogs. | Yes |
| NetSkope App for Splunk | The Netskope App For Splunk allows a Splunk Enterprise administrator to integrate with the Netskope API and pull security events. | Yes |
| Cyphort For Splunk | Cyphort For Splunk allows a Splunk® Enterprise administrator to integrate with the Cyphort Advanced intrusion detection API and pull the relevant incidents. | Yes |
| Gigamon Visibility App For Splunk | The Gigamon Visibility App for Splunk allows a Splunk® Enterprise administrator to collect, store, visualize, and analyze the Gigamon Visibility Fabric. | |
| Gigamon IPFIX Metadata Application For Splunk | The Gigamon IPFIX Metadata Application for Splunk provides knowledge objects and documentation to help the Splunk and Gigamon administrators parse and consume Custom Gigamon IANA IPFIX elements. | |
| LANGuardian App for Splunk | The LANGuardian App For Splunk consumes individual reports via API from Netfort’s LANGuardian. | Yes |

Other Public Apps By Aplura Staff

| App | Description | Certified |
| --- | --- | --- |
| Intrusion App for Splunk | This app provides Splunk dashboards, forms, and reports which can be used to explore your IDS events across your different sourcetypes. | Yes |
| Malware App for Splunk | This app provides dashboards and reports based on events from anti-malware systems. | Yes |
| Authentication App for Splunk | Most sourcetypes contain authentication events of some sort. This app provides Splunk dashboards, forms, and reports which can be used to explore your authentication events across your different sourcetypes. | Yes |
| Network Traffic App for Splunk | Very often, network traffic events can provide a lot of information about misconfigurations, potential attacks, and user activity. This app provides searches and dashboards based on the Splunk Common Information Model to help provide insight into your network traffic. | Yes |
| App for Web Proxies | In many organizations, web proxies separate users from the Web at large. User web activity can often be a good indicator of possible compromise, phishing attempts, abuse, and outdated software. This app provides Splunk dashboards, forms, and reports which can be used to explore your web proxy events, and make sense of what can often be a large volume of data. | |
| App for Vulnerabilities | This app provides Splunk dashboards, forms, and reports which can be used to explore your vulnerability events, and make sense of what can often be a large volume of data. | |
| Google Apps For Splunk | This app pulls the data from your Google Apps for Work Domain using OAuth2 specifications. Please read the instructions CAREFULLY, and promptly report issues to the author. | |
| TA for Wunderground | This TA is designed to pull in Wunderground weather data using the API. | |
| Roost | Roost provides a modular input to gather data from your Nest Thermostat. | |
| TA-deltaby | This TA adds an additional search command, “deltaby”, so you can take your similar events, delta by another field, and have it calculate correctly. | |
| Key Performance Indicators | The TA_KPI Add-on utilizes the KV Store to store SLAs as defined by you. You can access the configuration dashboard by loading the “configure_kpi” dashboard. You can add and delete SLAs that are tied to an eventtype. Modify will come later, as will more complicated SLA configurations. The only SLA supported for now is the “Compare the event value to the defined value” type of SLA. | |
| TA-user_agents | This Add-on provides a dynamic lookup for parsing User Agent strings. This version was built to be faster, and does not require internet access from your Splunk systems. | Yes |
| Data Onboarding | This app assists in onboarding new data. It includes searches to examine indexes, sourcetypes, hosts, and data models to ensure that your data is being onboarded correctly. See Aplura’s Splunk Data Onboarding Cheatsheet for more ideas. | |
| domainCategories | This app will allow you to add category classifications to data with domains. For example, if you are using something like urlsnarf to capture HTTP requests, you can use this app to add domain categories, much like you might see in commercial web proxy data. | |
| Getwatchlist | Getwatchlist is a custom search command for Splunk which will return a CSV formatted list from a URL. This is useful for creating lookup tables and keeping them up to date from external or internal sources. These watchlists can contain virtually anything such as domain names, IP addresses, host names, email addresses, filenames, etc. and can then be used in searches against your events. These watchlists can be in any delimited format (tab, comma, space, etc.). | |
| TA-barracuda_webfilter | This technology add-on provides CIM compliant field extractions, eventtypes and tags for Barracuda Webfilter devices. | |
| TA-browscap | This technology add-on provides a dynamic lookup to add fields to user agent (browser) data. | |
| TA-dragon-ips | This Technology Add-on provides CIM compliant field extractions, eventtypes and tags for data from Dragon IPS devices. | |
| Technology Add-on for Cisco Secure Access Control Server (ACS) | This app provides CIM field extractions, eventtypes and tags for Cisco ACS events. | |
| ES Validation | This is an app to assist in installing, migrating and performing health checks for Splunk Enterprise Security. Validating that data is populating the data models correctly can take time. The goal of this application is to make that process a little easier. There are dashboards to help audit correlation searches and trackers too. | |