icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading SecKit Windows Assets Add-on for Splunk Enterprise Security
SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_304ra988ca6.tgz) 3f767046f154933b8abb017f7ae002fa7911fca4a5ffcf04307ec9ca714240dc SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_260r389df76.tgz) 78ee6dfda8ad2380a1e0556ef4a33d6c0777f352ca8119761e0cde32e9ff5dd0 SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_252d67a4e40.tgz) 3ccb6d3f57579fc0838e5c667e9e38aec7473469716e106875b0c0420af292be SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_251r5a9f0af.tgz) 0d9624e499e8bac491e9fb1d1cacb9f5fefb1091fc97a35ac9d83f1008ea89df SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_250rf4e16a6.tgz) 2ea3ef0b3e157ec63c3268cf1a3e374732d4fe542fc923e497ca27087ea00a32 SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_245.tgz) 05da6019c721a30b60b6566ecabbaf1575e72c88dba40acc022cf3d349ddb5bd SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_244.tgz) fe3c42bf9ada73dc32a5d02a7a8d5b94c193e822c0d780d5e5d0179162f7c6be SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_243.tgz) cf86b480437ae01e70988a9aecf3260d526e52124156a9014b0862da5177d7d0 SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_242.tgz) 10fe6b8d38b6540caaffed9ce6704534774b21f9c496624bb2e602755aa68e3b SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_241.tgz) b631d226518558cb0ddc88ec3056aba202886c543c1d564d5c1914f479385d6b SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_231.tgz) 8e0a24c1e073dd8f5567d7d8ba16f790a446a2ad682f69adf0062c853a0f3e4d SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_225.tgz) b45336922b6331a67dec90c6d95dc9b27a2dd666e7ff85945d92a8de7ca530b3 SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_221.tgz) b21db6e6c7cc66c4459760bcf6a40270da99613f73499aceea8ff9e5fa6d4edc SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_213.tgz) 11afc1b78b86a4572828a503538e49b42b2eacbac645ae4e8d25513f98430c9f SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_212.tgz) 7bc43e26fe16c05b9b5a9e320fd3505102cd23a60e28dab8856462801d19afff SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_211.tgz) ffa44cc210538ae9cbfbbfba06c30adedd19988c10be91d58578972c373ba4ea SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_203.tgz) 12b203e935e5515c357a4a882eb97027383dac6201b4b0ddbffd5ece61ec5e8f SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_120.tgz) 66991d6f04fc6eeadd247841b04587c0beecd6fc75f2fb7061002d43f7dedd3c SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_112.tgz) c76e4e4f1b4d0c282b0cd86202da2c8085d803e67c5f782f7cfc9b0c9cbdb709 SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_111.tgz) 4a042bb61dc8d3aa6cb78bd6c3083354939579e762419f785ac935998ced2d85 SHA256 checksum (seckit-windows-assets-add-on-for-splunk-enterprise-security_110.tgz) 51c5e44bf7c7e377dcee502a41c34685ba1bc178828c81a4ea434cc0e30cae19
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

splunk

SecKit Windows Assets Add-on for Splunk Enterprise Security

Splunk Cloud
Splunk Labs
This app is NOT supported by Splunk. Please read about what that means for you here.
Overview
Details
This plugin to the SecKit Windows Add-on extracts feature rich asset and identity data from Active Directory using the ActiveDirectory input of Splunk add on for Windows. Using build in lookup and user definable macros you can build a reliable repeatable process for defining assets and identities.

Version 2.x is considered stable
Version 3.x is appropriate for New implementations with experienced administrators

Security Kit

Identity Management windows Components

SecKit_SA_idm_windows

Introduction

This purpose of this Splunk add on is to provide foundational tools and routines for the population of assets and identities in the Enterprise Security and PCI applications for Splunk.

Docs

Read The Docs
[Repository] (https://bitbucket.org/SPLServices/seckit_sa_idm_windows)

Release Notes

Version 3.0.4Ra988ca6
Oct. 25, 2018
  • Major release please read the doc https://seckit.readthedocs.io/projects/seckit-sa-idm-common
  • Publishing Docs on Read the Docs
  • Use of collections where possible to improve performance in SHC
  • Use of first time run searches to ensure a smooth experience in Splunk Cloud
  • Improved default scheduled search configuration
  • Improved out of box experience "zero config" getting started
  • Leveraging Splunk Enterprise Security content management for all enrichment lookups.
Version 2.6.0R389df76
Aug. 20, 2018

-Resolve issue with expiring accounts
-Updates for SplunkWorks

Version 2.5.2D67a4e40
May 17, 2018
Version 2.5.1R5a9f0af
April 18, 2018

-App cert fixes

Version 2.5.0Rf4e16a6
April 17, 2018
  • Translate managedBY from CN to email
  • New Build System
  • Bug Fixes
Version 2.4.5
July 22, 2017
Version 2.4.4
May 11, 2017

-Fixes for Cert

Version 2.4.3
May 10, 2017

-Bug fixes

Version 2.4.2
March 3, 2017

Fixed an error in the new transforms.conf entry for title lookup

Version 2.4.1
March 3, 2017

New Feature
New lookup permitting the addition of categories and priority based on the title field in AD

WARNING BREAKING CHANGES
The index restriction macros have been aligned with the updated windows and nix recommendations in the SecKit_TA project. After upgrade verify the following macros conform to the location of your events
[seckit_idm_windows_adindex]
definition = index=msad

[seckit_idm_windows_nixscripts_adindex]
definition = (index=os OR index=systems)

[seckit_idm_windows_winhostmon_adindex]
definition = index=windows

[seckit_idm_windows_winscripts_adindex]
definition = index=oswinscript

[seckit_idm_windows_winevents_adindex]
definition = index=wineventlog

Version 2.3.1
Feb. 9, 2017

-Update to allow identities build with customized bunit via macro

Version 2.2.5
Nov. 2, 2016

-More efficient use of DNS data for IP resolution
-change category osclass to os_class
-Missing role_priority from enrichment lookup
-Additional OS types supported
-Optional support for ES 4.5 multi value IP

Version 2.2.1
Oct. 3, 2016

Requires SecKit_SA_idm_common_2.1.0 or higher
Support for multi value ip and mac fields in assets
Enhanced the assets query to make better use of stats for speed

Version 2.1.3
Sept. 21, 2016

-Added priority based on org for windows assets
-Updated macro to use the correct index name by default

Version 2.1.2
Sept. 20, 2016

-Certification Fix for managed configurations

Version 2.1.1
Sept. 19, 2016

-Fixes for certification
-Remove support for WinHostMon:Applications
-Additional Support for PCI app

Version 2.0.3
Sept. 1, 2016
Version 1.2.0
March 25, 2016

-Apply categories and priority based on business unit for identities
-Apply categories and priority based on organizational unit for assets
-Cleanup macros

Version 1.1.2
Feb. 23, 2016

-duplicate noop macro definition removed

Version 1.1.1
Feb. 21, 2016

TKO Release
Bugfixes

Version 1.1.0
Feb. 13, 2016

Version 1.1.0 Release


Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.