The Splunk Add-on for Zeek aka Bro replaces the Splunk Add-on for Bro IDS.
Previous versions of the Splunk Add-on for Zeek aka Bro wrote data to the bro index. Version 4.0.0 writes to a default index. Follow the upgrade instructions to avoid data loss.
Splunk Add-on for Zeek aka Bro
| Vendor products | Zeek aka Bro versions 2.1, 2.2, 2.3, 2.4, 2.5 |
| Add-on has a web UI | No. This add-on does not contain any views. |
The Splunk Add-on for Zeek aka Bro allows a Splunk software administrator to analyze packet capture data directly or use it as a contextual data feed to correlate with other vulnerability-related data in the Splunk platform.
This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.
Download the Splunk Add-on for Zeek aka Bro from Splunkbase.
For a summary of new features, fixed issues, and known issues, see Release Notes for the Splunk Add-on for Zeek aka Bro.
For information about installing and configuring this Splunk supported add-on, see the installation and configuration overview topic in this manual.
See the Splunk Community page for questions related to this add-on.
This documentation applies to the following versions of Splunk® Supported Add-ons: released