Splunk App for Enterprise Security
A single solution to detect known threats and look for unknown threats through analysis of massive volumes of activity data.
Splunk for McAfee Web Gateway
This app adds some SIEM features to MWG, allows fast incident response, and facilitates troubleshooting and log search. Currently there are 60 different charts and tables grouped in 10 views. This app requires Splunk v6+. Tested with McAfee Web Gateway v7.3, v7.4. For older versions (incl. Webwasher v6.x) some modifications of props.conf and log structure may be required.
Installation:
1. Extract the file MWGaccesslog_for_Splunk.xml (located in the MWG7 folder) from the application package.
2. Import MWGaccesslog_for_Splunk.xml in MWG7 into the Default Log Handler - it will create a new log file with the required fields.
3. Install the App.
4. From the App, go to Settings > Data inputs and configure Log Input; define the sourcetype "MWGaccesslog" manually.
Contact: email@example.com
S.o.S - Splunk on Splunk
Splunk on Splunk (S.o.S) is an app that turns Splunk's diagnostic tools inward to analyze and troubleshoot problems in your Splunk environment. It contains views and tools that allow you to do the following:
* View, search and compare Splunk configuration files.
* Detect and expose errors and anomalies in your installation, including inspection of crash logs.
* Measure indexing performance and expose event processing bottlenecks.
* View details of scheduler and user-driven search activity.
* Analyze data volume metrics captured by Splunk.
The SoS app has been developed primarily by the Splunk Support team, with the help of Splunk Dev, Splunk Docs, and Sideview LLC (http://sideviewapps.com).