SecKit_SA_idm_windows
The purpose of this Splunk add-on is to provide foundational tools and routines for populating assets and identities in the Enterprise Security and PCI applications for Splunk.
Read The Docs
[Repository](https://bitbucket.org/SPLServices/seckit_sa_idm_windows)
-Resolve issue with expiring accounts
-Updates for SplunkWorks
-App cert fixes
Migration to Bintray for build releases https://bintray.com/splservices/seckit_idm/seckit_sa_idm_windows/
Minor fixes https://bitbucket.org/SPLServices/seckit_sa_idm_windows/commits/
-Fixes for Cert
-Bug fixes
Fixed an error in the new transforms.conf entry for title lookup
New Feature
New lookup permitting the addition of categories and priority based on the title field in AD
WARNING BREAKING CHANGES
The index restriction macros have been aligned with the updated Windows and *nix recommendations in the SecKit_TA project. After upgrading, verify that the following macros match the indexes where your events are actually stored; a macro that points at the wrong index silently produces an empty asset or identity list.
[seckit_idm_windows_adindex]
definition = index=msad
[seckit_idm_windows_nixscripts_adindex]
definition = (index=os OR index=systems)
[seckit_idm_windows_winhostmon_adindex]
definition = index=windows
[seckit_idm_windows_winscripts_adindex]
definition = index=oswinscript
[seckit_idm_windows_winevents_adindex]
definition = index=wineventlog
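The following is an added example and not part of the add-on itself: a small post-upgrade check that parses a local copy of macros.conf, pulls the index names out of each seckit_idm_windows_*_adindex definition, reports any macro that references an index that does not exist on your deployment, and prints the tstats search to paste into Splunk to confirm events are present. The sample macros.conf text is constructed from the stanzas above, and the set of "existing" indexes is an assumed value that in practice you would take from `| eventcount summarize=false index=*` or `splunk list index`.

```python
"""Post-upgrade check for the SecKit index restriction macros (added example).

Reads the *_adindex stanzas from macros.conf, extracts the index names each
definition references, flags indexes that do not exist, and builds the
tstats search used to confirm events are actually present in those indexes.
"""
import configparser
import re

# Constructed sample: the default stanzas as shipped. A real check would read
# $SPLUNK_HOME/etc/apps/SecKit_SA_idm_windows/local/macros.conf (an assumed path).
SAMPLE_MACROS_CONF = """
[seckit_idm_windows_adindex]
definition = index=msad

[seckit_idm_windows_nixscripts_adindex]
definition = (index=os OR index=systems)

[seckit_idm_windows_winhostmon_adindex]
definition = index=windows

[seckit_idm_windows_winscripts_adindex]
definition = index=oswinscript

[seckit_idm_windows_winevents_adindex]
definition = index=wineventlog
"""

# Matches index=name, index="name" and wildcard forms such as index=win*.
INDEX_RE = re.compile(r'index\s*=\s*"?([A-Za-z0-9_\-*]+)"?')


def load_index_macros(conf_text):
    """Return {macro_name: definition} for every stanza ending in _adindex.

    Splunk .conf files are INI-like, so configparser handles them; interpolation
    is disabled because definitions may contain '%' or '$' characters.
    """
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    return {
        name: parser[name]["definition"].strip()
        for name in parser.sections()
        if name.endswith("_adindex")
    }


def indexes_in(definition):
    """Extract the index names referenced by one macro definition, in order."""
    return INDEX_RE.findall(definition)


def missing_indexes(macros, existing):
    """Return {macro: [index, ...]} for every macro that names a non-existent index.

    Wildcard indexes (e.g. win*) cannot be checked against a plain set and are
    skipped rather than reported as missing.
    """
    report = {}
    for name, definition in macros.items():
        gone = [i for i in indexes_in(definition)
                if "*" not in i and i not in existing]
        if gone:
            report[name] = gone
    return report


def verification_search(macros, earliest="-24h"):
    """Build one tstats search counting recent events per index across all macros.

    The returned string is SPL for an admin to run; nothing is executed here.
    """
    indexes = sorted({i for d in macros.values() for i in indexes_in(d)})
    where = " OR ".join(f"index={i}" for i in indexes)
    return f"| tstats count where ({where}) earliest={earliest} by index"


if __name__ == "__main__":
    macros = load_index_macros(SAMPLE_MACROS_CONF)
    # Assumed deployment: the 'systems' index from the nixscripts macro does not exist.
    existing = {"msad", "os", "windows", "oswinscript", "wineventlog"}
    for macro, gone in missing_indexes(macros, existing).items():
        print(f"WARNING: {macro} references missing index(es): {', '.join(gone)}")
    print("Run this to confirm events are present:")
    print(verification_search(macros))
```

Any macro reported by the check should be fixed in local/macros.conf before the asset and identity searches are scheduled, since a definition that matches no events does not raise an error in Splunk; it just yields nothing.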
-Update to allow identities to be built with a customized bunit via macro
-More efficient use of DNS data for IP resolution
-Change category osclass to os_class
-Fixed missing role_priority in the enrichment lookup
-Additional OS types supported
-Optional support for ES 4.5 multi value IP
Requires SecKit_SA_idm_common 2.1.0 or higher
Support for multi value ip and mac fields in assets
Enhanced the assets query to make better use of stats for speed
-Added priority based on org for windows assets
-Updated macro to use the correct index name by default
-Certification Fix for managed configurations
-Fixes for certification
-Remove support for WinHostMon:Applications
-Additional Support for PCI app
-Apply categories and priority based on business unit for identities
-Apply categories and priority based on organizational unit for assets
-Cleanup macros
-Duplicate noop macro definition removed
TKO Release
Bugfixes
Version 1.1.0 Release