icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Cancel Visit New Splunkbase Visit
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

End User License Agreement for Third-Party Content

Splunk Websites Terms and Conditions of Use

Thank You

Downloading Perseus - An Analyst-Friendly IR App
SHA256 checksum (perseus-an-analyst-friendly-ir-app_165.tgz) 46f49686f7df1016b2aaaf8fe4ff41c4e202c24bd94a3254b009ae6000743437 SHA256 checksum (perseus-an-analyst-friendly-ir-app_164.tgz) 642dfd9c602fa0e465af51b05e52eb7dc21c404893f65c3ef77339d5b758b6f6 SHA256 checksum (perseus-an-analyst-friendly-ir-app_163.tgz) aa0fbeeccc80fdf8233c7d607fa21f8c25c1fbaa9565f914e3fbf7ff9c4db008 SHA256 checksum (perseus-an-analyst-friendly-ir-app_162.tgz) faf3697752349ec58e816c9d748ffb294764017d7cccab4777af4574ded35a75 SHA256 checksum (perseus-an-analyst-friendly-ir-app_161.tgz) 05215f2d1e25520be90ebf8bf2ed3a97a041f10127b5af2afa5a69acb186b749 SHA256 checksum (perseus-an-analyst-friendly-ir-app_160.tgz) 6a17eb41c1310b585a3b8c8a2fd4bae7bfddff5912f0a9f2ac8760df8650290b SHA256 checksum (perseus-an-analyst-friendly-ir-app_158.tgz) a48721d30ea69a07721ca1fa6af065b6ae288e8d629a8da6cfe7437ff7a0c2d3 SHA256 checksum (perseus-an-analyst-friendly-ir-app_157.tgz) f89147af8ff026d4bff6539f7bd53a97c6dc301a7093e50e7d56a93ee97d5994 SHA256 checksum (perseus-an-analyst-friendly-ir-app_156.tgz) 86333a3e692b32840a7e6b9a071d135e5bda1694c4601b98f56c3ab984920568 SHA256 checksum (perseus-an-analyst-friendly-ir-app_155.tgz) 5768fc92c3417a549d6437e7faf2003efab73b97f5c61bed71407be39c01728a SHA256 checksum (perseus-an-analyst-friendly-ir-app_154.tgz) 98e14178d9e3689c182c5aa52efa13a5d6a6f635b58917e64b85eaec1a4106c5 SHA256 checksum (perseus-an-analyst-friendly-ir-app_153.tgz) 24914a18ec0208f399a5c349d168b4fad4c05ad8367dd117fe863320115ebdb6 SHA256 checksum (perseus-an-analyst-friendly-ir-app_151.tgz) 36f748f8f8cab9126d90bec93062d99024e16fc94a12f4deb66bc88a3df6477d SHA256 checksum (perseus-an-analyst-friendly-ir-app_150.tgz) e141d2cc9b689f5d32978f1cb8aa9db341c25e4eda4cb30bc1f2ff1af74b464c SHA256 checksum (perseus-an-analyst-friendly-ir-app_144.tgz) b025c072079d90fa671b005f828ce63bbfc66d80806026af1c4c5df73b2c9d13 SHA256 checksum (perseus-an-analyst-friendly-ir-app_1431.tgz) 7fb637aaed502316191530520d46951fbb850decebc526fc3fe3423ea8ee3088 SHA256 checksum (perseus-an-analyst-friendly-ir-app_143.tgz) 8e661750f9d9827ce31810f93b5d94153b09db61d6f327735e533ca24535bd3f SHA256 checksum (perseus-an-analyst-friendly-ir-app_142.tgz) 272e195c8de6855b7f9606a9f2407f5883128e1d6ffa28d4bfb039fb90825f82 SHA256 checksum (perseus-an-analyst-friendly-ir-app_141.tgz) 243c310ba3f3f0aa7e7362edbdff5a8a451f4ee1d2aac7f7c056c786a61ad9ec SHA256 checksum (perseus-an-analyst-friendly-ir-app_140.tgz) 10f78f8bb5f3f3d7185c77d0f1bb7939fdaf7ce79f7637b99a2deca8974c37d5
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate
splunk

Perseus - An Analyst-Friendly IR App
This app has been archived. Learn more about app archiving.
This app is NOT supported by Splunk. Please read about what that means for you here.
Overview
Details
Perseus is an incident response app designed to save you time conducting investigations. This version of Perseus comes pre-loaded with real data from a case study so you can quickly see how Perseus can help make an impact for your organization.

See "Details" for install instructions and more information on how to use Perseus with your production data.

Installation Instructions

Single Splunk Search Head

You can either install Perseus directly by clicking the "Browse for apps" button on the Manage Apps page, searching for Perseus, and clicking the "Install" button. Or you can download Perseus from the Splunkbase and install it by clicking the "Install app from file" button on the Manage Apps page.

Splunk Search Head Cluster

To install the Perseus app to a Search Head Cluster, you must use the Deployer. You have three options for how to install Perseus:

1.) Follow the instructions here for deploying a Splunk App with the Deployer: https://docs.splunk.com/Documentation/Splunk/latest/DistSearch/PropagateSHCconfigurationchanges

2.) You can download the production version of Perseus (see "How to Use Perseus" for more info) which comes with a deployment wizard that automates installation of Perseus into your environment. Please Note: This will install the production version of Perseus that does not come pre-loaded with the case study data.

3.) You may find it easiest to setup a stand-alone Splunk server and follow the "Single Splunk Search Head" instructions above. A stand-alone Splunk server can be installed in minutes. You can download a free trial here: https://www.splunk.com/en_us/download/splunk-enterprise.html

How to Use Perseus

There are two versions of Perseus. The production version of Perseus allows you to process data from your environment to help you save time investigating incidents. It offers an automated deployment wizard that can install and configure Perseus in under 10 minutes. It comes with a 30 day trial license (60 days if you register) which allows you to process data from an unlimited number of hosts. After that, you can either purchase a license or continue using it for free. if you do not purchase a license, Perseus will be limited to processing data from 50 hosts per day. You can download the production version of Perseus at: https://PerseusSec.com/download-wizard/.

This version of the Perseus is the Perseus Demo. It contains real data from a case study so you can familiarize yourself with Perseus before you collect data from your own environment. While you're welcome to explore it on your own, it's recommended you step through the Perseus Demo Walkthrough to quickly learn about the capabilities of Perseus: https://PerseusSec.com/documentation/perseus-demo-walkthrough/. When you're ready to start using Perseus to help investigate incidents in your environment, download the production version of Perseus at: https://PerseusSec.com/download-wizard/

Release Notes

Version 1.6.5
Oct. 28, 2020

New In 1.6.5:

  • Update to the "Start Investigating" Dashboard Powershell Script that allows you to better highlight recent changes that have taken place on your Windows host

New In 1.6.X:

  • Explore Your Own Data Using Perseus: The Perseus Demo now allows you to gather and upload data from one of your Windows hosts so you can explore your own data inside Perseus. Open the "Start Investigating" Dashboard to begin.

  • UI Enhancements to Recollection Dashboard for Timeline-based Investigations
Version 1.6.4
Sept. 29, 2020

New In 1.6.4:

  • Updates to the "Start Investigating" Dashboard and Perseus Demo Server

New In 1.6.X:

  • Explore Your Own Data Using Perseus: The Perseus Demo now allows you to gather and upload data from one of your Windows hosts so you can explore your own data inside Perseus. Open the "Start Investigating" Dashboard to begin.

  • UI Enhancements to Recollection Dashboard for Timeline-based Investigations
Version 1.6.3
July 15, 2020

New In 1.6.3:

  • The script to collect data from your Windows host will now prompt for your email address if the initial upload to the Perseus-as-a-Service Demo Server failed in case you want to optionally receive confirmation that your data has been deleted from the Perseus server

New In 1.6.X:

  • Explore Your Own Data Using Perseus: The Perseus Demo now allows you to gather and upload data from one of your Windows hosts so you can explore your own data inside Perseus. Open the "Start Investigating" Dashboard to begin.

  • UI Enhancements to Recollection Dashboard for Timeline-based Investigations
Version 1.6.2
July 7, 2020

New In 1.6.2:

  • The script to collect data from your Windows host will now prompt for your email address if the initial upload to the Perseus-as-a-Service Demo Server failed in case you want to optionally receive confirmation that your data has been deleted from the Perseus server

New In 1.6.X:

  • Explore Your Own Data Using Perseus: The Perseus Demo now allows you to gather and upload data from one of your Windows hosts so you can explore your own data inside Perseus. Open the "Start Investigating" Dashboard to begin.

  • UI Enhancements to Recollection Dashboard for Timeline-based Investigations
Version 1.6.1
June 28, 2020

New In 1.6.1:

  • Recollection Dashboard Walkthrough: After you've uploaded data from one of your own hosts using the "Start Investigating" Dashboard, you may want some guidance on how to use the Recollection Dashboard to assist in your investigations. You'll now find a link to a walkthrough containing some suggestions on the Recollection Dashboard (https://www.perseussec.com/documentation/recollection/).

New In 1.6.X:

  • Explore Your Own Data Using Perseus: The Perseus Demo now allows you to gather and upload data from one of your Windows hosts so you can explore your own data inside Perseus. Open the "Start Investigating" Dashboard to begin.

  • UI Enhancements to Recollection Dashboard for Timeline-based Investigations
Version 1.6.0
June 25, 2020

New In 1.6.0:

  • Explore Your Own Data Using Perseus: The Perseus Demo now allows you to gather and upload data from one of your Windows hosts so you can explore your own data inside Perseus. Open the "Start Investigating" Dashboard to begin.

  • UI Enhancements to Recollection Dashboard for Timeline-based Investigations
Version 1.5.8
June 10, 2020

New In 1.5.X:
- New Recollection Dashboard for Timeline-based Investigations
- Splunk 8.0 Support
- Python 3.7 Support
- Performance Enhancements

New in 1.5.8:
- Added Recollection Event Changes Tracking: As you drag the Timeline Slider, the Treeview will highlight registry, file system, and forensic locations that were modified since your last selected time interval so you can better track what's changed.
Version 1.5.7
June 2, 2020

New In 1.5.X:
- New Recollection Dashboard for Timeline-based Investigations
- Splunk 8.0 Support
- Python 3.7 Support
- Performance Enhancements

New in 1.5.7:
- Minor Updates to Recollection Event Caching
Version 1.5.6
May 27, 2020

New In 1.5.X:
- New Recollection Dashboard for Timeline-based Investigations
- Splunk 8.0 Support
- Python 3.7 Support
- Performance Enhancements

New in 1.5.6:
- Recollection Event Caching: Perseus now supports caching of events on the Recollection Dashboard to improve performance when modifying the selected time interval or changing the selected overlay
Version 1.5.5
May 19, 2020

New In 1.5.X:
- New Recollection Dashboard for Timeline-based Investigations
- Splunk 8.0 Support
- Python 3.7 Support
- Performance Enhancements

New in 1.5.5:
- Recollection Timeline Overlay: Make a selection from the Overlay dropdown to see where events of the selected type appear in the timeline to more quickly determine where to focus your investigation
Version 1.5.4
May 12, 2020

New In 1.5.X:
- New Recollection Dashboard for Timeline-based Investigations
- Splunk 8.0 Support
- Python 3.7 Support
- Performance Enhancements

New in 1.5.4:
- Recollection Forensic Location Hiding: Click the icon of any of the "[Forensic Locations]" in the Recollection Treeview to hide its events in the table
Version 1.5.3
May 5, 2020

New In 1.5.X:
- New Recollection Dashboard for Timeline-based Investigations
- Splunk 8.0 Support
- Python 3.7 Support
- Performance Enhancements

New in 1.5.3:
- Added Explicit Python Version Support to commands.conf for compatibility with new AppInspect
Version 1.5.1
April 21, 2020
  • New Recollection Dashboard for Timeline-based Investigations
  • Splunk 8.0 Support
  • Python 3.7 Support
  • Performance Enhancements
Version 1.5.0
April 7, 2020
  • New Recollection Dashboard for Timeline-based Investigations
  • Splunk 8.0 Support
  • Python 3.7 Support
  • Performance Enhancements
Version 1.4.4
Oct. 3, 2019
  • Updated Help Link to Direct to Walkthrough
Version 1.4.31
Oct. 1, 2019
  • Updated Help Link to Direct to Walkthrough
Version 1.4.3
Sept. 24, 2019
  • Minor Error-Handling Improvements
Version 1.4.2
Sept. 16, 2019
  • Minor Performance Increases to Universal Registry
Version 1.4.1
Sept. 13, 2019
  • Added Command-Click Functionality to macOS/iOS
Version 1.4.0
Sept. 10, 2019
  • Added Pre-loaded Case Study Data
  • Made Minor Performance Enhancements
2,713
Downloads
Share Subscribe LOGIN TO DOWNLOAD
Version
Built by
Joe Kovacic
Support
Not Supported
Questions on Splunk Answers Flag as inappropriate
Compatibility
Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise
Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent Splunk Versions: 7.3, 7.2, 7.1, 7.0 Platform: Platform Independent
Licensing
End User License Agreement for Third-Party Content
Category & Contents
Categories: Security, Fraud & Compliance, Utilities
App Type: App
Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Submit New Splunk App Dev Resources
PLATFORM
Data-to-Everything Platform
Splunk Cloud
Splunk Enterprise
Splunk Machine Learning Toolkit
Splunk Data Stream Processor
Pricing
Free Trials & Downloads
SECURITY PRODUCTS
Splunk Enterprise Security
Splunk Phantom
Splunk Mission Control
Splunk User Behavior Analytics
IT OPERATIONS & OBSERVABILITY PRODUCTS
Splunk Infrastructure Monitoring
Splunk IT Service Intelligence
Splunk Application Performance Monitoring
Splunk On-Call
SOLUTIONS BY INITIATIVE
Cloud Transformation
SOLUTIONS BY FUNCTION
Security
IT
Devops
SOLUTIONS BY INDUSTRY
Aerospace & Defense
Communications
Energy & Utilities
Financial Services
Healthcare
Higher Education
Manufacturing
Nonprofits
Online Services
Public Sector
Retail
WHY SPLUNK?
Why Splunk?
Customer Stories
Partners
Data-to-Everything
Diversity & Inclusion
SUPPORT
Support Portal
Support Programs
Splunk Answers
Contact Us
Product Security Updates
RESOURCES
Events
Webinars
Blogs
Customer Success
Expert Services
Data Insider
View All Resources
FOR DEVELOPERS
Documentation
Best Practices
Get Started with Splunk
Training & Certification
User Groups
Community
Splunkbase
Splunk dev
COMPANY
About Splunk
Careers
Leadership
Splunk for Good
Splunk Ventures
Splunk Protects
Newsroom
COVID-19 Response
SPLUNK SITES
.conf
Splunk Live!
T-Shirt Store
Investor Relations
Follow Us:
© 2005-2024 Splunk Inc. All rights reserved.
Sitemap | Privacy | Website Terms of Use | Splunk Licensing Terms | Export Control | Modern Slavery Statement | Splunk Patents | Report a Problem
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk Inc. in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.