Skip to content

crowdsecurity/crowdsec-splunk-app

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
.github/workflows
.github/workflows
 
 
appserver/static
appserver/static
 
 
bin
bin
 
 
default
default
 
 
metadata
metadata
 
 
static
static
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Downloads Cloud Compatible AppInspect Compatibility

Overview

The CrowdSec Splunk app leverages the CrowdSec's CTI API's smoke endpoint which enables users to query an IP and receive enrichment

Example Usage

The following command is used to run an IP check through the CrowdSec's CTI API's smoke endpoint. On the Homepage of Splunk Web Interface, select Search & Reporting and use the following command.

| makeresults | eval ip="<dest_ip>" | cssmoke ipfield="ip"

  • cssmoke:

    • Custom command driving the core functionality of the application.

  • ipfield:

    • It denotes the field name where the IP address is stored in the index.

Results

On the event of clicking the Search button, users will be able to veiw a brief overview of various fields associated with the input IP address. This includes but not limited to location, behaviors, classifications, attack details – name, label, description, references followed by scores, threats, etc.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

11 watching

Forks

2 forks
Report repository

Releases 5

v1.0.6 Latest
Mar 22, 2023
+ 4 releases

Packages

No packages published

Contributors 2

  •  
  •  

Languages