This app allows you to enrich your IP data with real-time threat information. Currently it contacts the Project Honey Pot database via DNS blacklist (http:BL) requests.
Make sure to obtain an http:BL Authorization Key from http://www.projecthoneypot.org/httpbl_configure.php
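The lookup the app performs works as follows, shown here as an added example that is not the app's own code: the access key and the reversed IPv4 octets are joined into a name under dnsbl.httpbl.org, and the answer 127.x.y.z carries days since last activity, threat score and visitor type. The example also handles the search engine case behind the "wrong threat score for search engine IPs" fix in the release notes, where the third octet is the search engine identifier rather than a score. The access key and IP below are constructed placeholders; the resolver is injected so the code runs without network access.

```python
import ipaddress
import socket

HTTPBL_ZONE = "dnsbl.httpbl.org"
# Visitor type bit flags from the http:BL API; a fourth octet of 0 means "search engine".
TYPE_FLAGS = {1: "suspicious", 2: "harvester", 4: "comment_spammer"}


def httpbl_query_name(access_key, ip):
    """Build the name to resolve: <key>.<reversed IPv4 octets>.dnsbl.httpbl.org."""
    addr = ipaddress.IPv4Address(ip)  # http:BL only covers IPv4
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{access_key}.{reversed_octets}.{HTTPBL_ZONE}"


def parse_httpbl_response(answer):
    """Turn a 127.x.y.z answer into lookup fields; None (NXDOMAIN) means not listed."""
    if answer is None:
        return {"listed": False, "days_since_last_activity": "", "threat_score": "",
                "visitor_type": "", "search_engine_id": ""}
    first, second, third, fourth = (int(o) for o in answer.split("."))
    if first != 127:
        raise ValueError(f"unexpected http:BL answer: {answer}")
    if fourth == 0:
        # Search engine: the third octet identifies the engine, so reporting it as a
        # threat score would flag well-behaved crawlers as malicious.
        return {"listed": True, "days_since_last_activity": 0, "threat_score": 0,
                "visitor_type": "search_engine", "search_engine_id": third}
    types = [name for bit, name in TYPE_FLAGS.items() if fourth & bit]
    return {"listed": True, "days_since_last_activity": second, "threat_score": third,
            "visitor_type": "|".join(types), "search_engine_id": ""}


def lookup(access_key, ip, resolve=socket.gethostbyname):
    """Resolve the query name; NXDOMAIN (socket.gaierror) means the IP is not listed."""
    try:
        answer = resolve(httpbl_query_name(access_key, ip))
    except socket.gaierror:
        answer = None
    fields = parse_httpbl_response(answer)
    fields["ip"] = ip
    return fields


# Constructed DNS answers standing in for real http:BL replies (placeholder key "abcdefghijkl").
FAKE_DNS = {"abcdefghijkl.10.2.0.192.dnsbl.httpbl.org": "127.3.45.6",   # harvester + spammer
            "abcdefghijkl.20.2.0.192.dnsbl.httpbl.org": "127.0.5.0"}    # search engine


def fake_resolve(name):
    if name not in FAKE_DNS:
        raise socket.gaierror(f"NXDOMAIN for {name}")  # not listed
    return FAKE_DNS[name]


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(lookup("abcdefghijkl", ip, resolve=fake_resolve))
```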
Feedback welcome!
added to the lookup to give back new fields to Splunk. Now the days_since_last_activity and visitor type are available as fields.
Version 1.0 Update to be CIM compliant and using new Simple XML Features of 6.2
Modified Critical Network Analyzer and Threat Map Dashboard to be CIM Compliant (tag=network tag=communication)
Added field inputs to both dashboards to filter data including default values
Added "How it Works" html tags for descriptions
Added new bubble chart visualization to the Critical Network Traffic Analyzer for multiple-dimension risk investigation
Fixed issue with wrong threat score for search engine IPs
App cleanup to make it more stable
Removed the automatic lookup within the IP Reputation App to avoid too many lookups
Removed the Report Acceleration for several reports
Changed several objects from Global to App-only sharing
Updated the Threat Map to support Splunk Version 6 native maps and the iplocation command, as well as pie charts on the map split by fields. Additionally, added some form inputs so users better understand how to use the App, what happens behind the scenes and which search is running, and can customize it on the fly to change field names or filter down the events to look up.
Updated the icons and graphics to be compatible with Splunk Version 6, including bar images
Created new Dashboard - Critical Network Traffic Analyzer.
Displays bad network communication from the last 60 minutes, designed for firewall logs. The dashboard is in Simple XML to allow easy editing and customization in case some field names need to be corrected. It displays data that has the event type "check_ip".
Based on community feedback, disabled scheduled searches for the KPI Dashboard to avoid any performance impact if the dashboard is not used.
Compatible with Version 6.0. New dashboards, integrated map + form, icons etc. will follow in the next version.