doksu / TA-linux_secure

Linux Secure Technology Add-On for Splunk


TA-linux_secure

This app provides linux_secure field extractions and normalisation to the Common Information Model.

No configuration is required, and the app need only be installed on search heads (it contains no index-time transforms, so indexers and forwarders are unaffected).
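To make concrete what "field extractions and normalisation to the Common Information Model" means for linux_secure data, here is an added Python illustration (not the add-on's own props.conf/transforms.conf, and not code from the project): it applies search-time-style regular expressions to a few constructed /var/log/secure lines, emits CIM Authentication fields (action, app, user, src, src_port, dest, signature, authentication_method, reason), and runs a simple failed-login tally over the result. The regexes, field choices and sample events are assumptions made for this example.

```python
"""Search-time normalisation of linux_secure events into CIM Authentication
fields, written in Python for illustration.  Added example; the patterns and
sample lines are constructed and are not the TA-linux_secure add-on's own."""
import re
from collections import Counter
from typing import Dict, List, Optional

# Constructed sample events in /var/log/secure format (sourcetype linux_secure).
SAMPLE_EVENTS = [
    "Mar  3 10:15:01 web01 sshd[2231]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2",
    "Mar  3 10:15:05 web01 sshd[2233]: Accepted publickey for deploy from 198.51.100.4 port 40011 ssh2: RSA SHA256:EXAMPLEFINGERPRINT",
    "Mar  3 10:15:09 web01 sshd[2240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root",
    "Mar  3 10:15:12 web01 systemd[1]: Started Session 42 of user deploy.",  # not an auth event
]

# Classic syslog header: month, day, time, host.
SYSLOG_HEADER = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<host>\S+) "
)
# sshd's own success/failure summary line.
SSHD_AUTH = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Accepted|Failed) (?P<method>\S+) for "
    r"(?:(?P<invalid>invalid user) )?(?P<user>\S+) from (?P<src>\S+) port (?P<src_port>\d+)"
)
# pam_unix failure line; the service name in parentheses becomes the CIM 'app'.
PAM_FAILURE = re.compile(
    r"pam_unix\((?P<app>[^:]+):auth\): authentication failure;.*?rhost=(?P<src>\S*)\s+user=(?P<user>\S+)"
)


def normalize(event: str) -> Optional[Dict[str, str]]:
    """Return CIM Authentication fields for one linux_secure line, or None when
    the line carries no authentication outcome."""
    header = SYSLOG_HEADER.match(event)
    if not header:
        return None
    # 'dest' is the host that evaluated the login attempt.
    fields: Dict[str, str] = {"dest": header.group("host")}

    m = SSHD_AUTH.search(event)
    if m:
        fields.update(
            app="sshd",
            action="success" if m.group("outcome") == "Accepted" else "failure",
            user=m.group("user"),
            src=m.group("src"),
            src_port=m.group("src_port"),
            authentication_method=m.group("method"),
            signature=f"{m.group('outcome')} {m.group('method')}",
        )
        if m.group("invalid"):
            # The account does not exist on the host; CIM carries this in 'reason'.
            fields["reason"] = "invalid user"
        return fields

    m = PAM_FAILURE.search(event)
    if m:
        fields.update(
            app=m.group("app"),
            action="failure",
            user=m.group("user"),
            src=m.group("src") or "unknown",  # rhost may be empty for local logins
            signature="pam_unix authentication failure",
        )
        return fields
    return None


def failed_logins_by_src(events: List[str]) -> Counter:
    """Tally failed authentications per source address over normalised events.
    Caveat: for one failed sshd attempt the daemon typically logs both a pam_unix
    failure and a 'Failed password' line, so this counts two per attempt; a real
    search would key on a single signature (or dedup on time, src and user)
    before alerting on the count."""
    failures: Counter = Counter()
    for ev in events:
        fields = normalize(ev)
        if fields and fields["action"] == "failure":
            failures[fields["src"]] += 1
    return failures


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(normalize(ev))
    print(failed_logins_by_src(SAMPLE_EVENTS))
```

Because everything here is applied at read time to the raw event, it mirrors why the add-on can live on search heads alone: the indexed data is unchanged, and the CIM field names are what a Splunk data-model search would then see.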

N.B. This app is intended to replace the security-relevant aspects of the Splunk Add-on for Unix and Linux (Splunk_TA_nix). As such, it is strongly recommended that Splunk_TA_nix be removed from your search head before installing this app, as the two may conflict.

Further documentation is provided in the wiki here: https://github.com/doksu/TA-linux_secure/wiki


License:MIT License