ZachChristensen28 / TA-linux_iptables

Splunk Add on for Linux Iptables

Home Page: https://splunk-iptables.ztsplunker.com


TA-linux_iptables - Add-on for Linux Iptables


Documentation

Full documentation can be found at https://splunk-iptables.ztsplunker.com.

About

Version: 1.3.8 - See on Splunkbase
Vendor Product: RHEL/CentOS - Firewalld, Ubuntu - UFW, built-in IPtables
Add-on has a web UI: No. This add-on does not contain any views.

The TA-linux_iptables Add-on lets Splunk data administrators map Linux firewall events (iptables LOG output, including the UFW and firewalld variants) to the Splunk Common Information Model (CIM), so the data can be used by other Splunk apps, such as Enterprise Security.

Release Notes

Version: 1.3.8

- Added a sample configuration for the syslog sourcetype, for deployments where iptables data is mixed with other syslog data.
- Updated the log_prefix field extraction to handle log prefixes surrounded by quotes.
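The two release-note items above both concern the same parsing problem: picking the rule's --log-prefix text out of a syslog-wrapped kernel line, whether or not it kept its quotes, and ignoring lines that are not firewall events at all. The following is an added example written for this page, not the add-on's own props/transforms extraction. The sample lines are constructed, the output field names follow the CIM Network Traffic model (src, dest, src_port, dest_port, transport, action), and the keyword table that derives action from the prefix is this example's assumption, not logic taken from the project.

```python
"""Parse syslog-wrapped Linux firewall LOG lines into CIM-style fields.

Added illustration, not code from TA-linux_iptables. The output field names
follow the Splunk CIM Network Traffic model; the action keyword table is this
example's own assumption, not the add-on's logic.
"""
import re
from typing import Optional

# Constructed sample lines (not real captures). Three firewall LOG events in
# the shapes the add-on covers (UFW, firewalld, hand-written iptables), plus
# one unrelated syslog line of the kind that can share the sourcetype.
SAMPLE_LINES = [
    # Ubuntu UFW: bracketed prefix, kernel uptime stamp, no quotes
    "Mar 10 12:34:56 web01 kernel: [12345.678901] [UFW BLOCK] IN=eth0 OUT= "
    "MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=192.0.2.10 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=243 ID=54321 PROTO=TCP SPT=44321 DPT=22 "
    "WINDOW=1024 RES=0x00 SYN URGP=0",
    # RHEL/CentOS firewalld: prefix ends with a colon, no stamp
    "Mar 10 12:35:01 db01 kernel: FINAL_REJECT: IN=ens192 OUT= "
    "MAC=00:11:22:33:44:66:66:77:88:99:aa:cc:08:00 SRC=198.51.100.7 DST=192.0.2.20 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=40",
    # Hand-written rule whose --log-prefix value kept its surrounding quotes
    'Mar 10 12:35:07 bastion kernel: "iptables-accept: " IN=eth1 OUT= '
    "SRC=10.0.0.4 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=11 DF "
    "PROTO=TCP SPT=51000 DPT=443 WINDOW=64240 RES=0x00 SYN URGP=0",
    # Not a firewall event: must be skipped, not mis-parsed
    "Mar 10 12:35:09 web01 sshd[2231]: Accepted publickey for deploy from 10.0.0.9 port 50122 ssh2",
]

# Everything between "kernel:" (plus an optional "[uptime]" stamp) and the
# first "IN=" is the rule's --log-prefix text. netfilter always emits IN= as
# the first KEY=VALUE pair, so a prefix containing "IN=" is the one case
# this would misread.
KERNEL_RE = re.compile(
    r"kernel:\s*(?:\[\s*\d+\.\d+\]\s*)?(?P<prefix>.*?)\s*(?P<kv>IN=.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")  # flags such as DF or SYN carry no "=" and are skipped

# Assumed keyword table for deriving the CIM "action" from the prefix text;
# the add-on's own mapping may differ.
ACTION_KEYWORDS = (
    ("blocked", ("BLOCK", "DROP", "REJECT", "DENY")),
    ("allowed", ("ACCEPT", "ALLOW")),
)


def normalize_prefix(raw: str) -> str:
    """Strip whitespace and one layer of surrounding single or double quotes."""
    return raw.strip().strip("\"'").strip()


def action_from_prefix(prefix: str) -> str:
    upper = prefix.upper()
    for action, words in ACTION_KEYWORDS:
        if any(word in upper for word in words):
            return action
    return "unknown"


def parse_iptables_event(line: str) -> Optional[dict]:
    """Return CIM-style fields for a firewall LOG line, or None for other syslog."""
    match = KERNEL_RE.search(line)
    if not match:
        return None
    pairs = dict(KV_RE.findall(match.group("kv")))  # later duplicates (e.g. UDP LEN=) win
    if "SRC" not in pairs or "DST" not in pairs:
        return None  # kernel line, but not a netfilter LOG record
    prefix = normalize_prefix(match.group("prefix"))
    return {
        "log_prefix": prefix,
        "action": action_from_prefix(prefix),
        "src": pairs["SRC"],
        "dest": pairs["DST"],
        "transport": pairs.get("PROTO", "").lower() or None,
        "src_port": int(pairs["SPT"]) if pairs.get("SPT") else None,
        "dest_port": int(pairs["DPT"]) if pairs.get("DPT") else None,
        "src_interface": pairs.get("IN") or None,
        "dest_interface": pairs.get("OUT") or None,
    }


def parse_many(lines) -> list:
    """Keep only the lines that parse as firewall events; mixed syslog drops out."""
    return [event for event in (parse_iptables_event(l) for l in lines) if event]


if __name__ == "__main__":
    for event in parse_many(SAMPLE_LINES):
        print(event)
```

The quote handling is deliberately one layer deep: a rule written as --log-prefix '"iptables-accept: "' produces a kernel line with literal quotes, and stripping exactly that layer recovers the intended prefix without eating a quote that is part of it. Lines that reach the parser but carry no SRC=/DST= pair are returned as None rather than as half-filled events, which is the behaviour you want when the sourcetype also carries ordinary syslog.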

Issues or Feature Requests

Please open an issue or submit feature requests on GitHub.


License: MIT