Splunk® Supported Add-ons

Splunk Add-on for Zeek aka Bro

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

The Splunk Add-on for Zeek aka Bro replaces the Splunk Add-on for Bro IDS.

Previous versions of the Splunk Add-on for Zeek aka Bro wrote data to the bro index. Version 4.0.0 writes to a default index. Follow the upgrade instructions to avoid data loss.

Splunk Add-on for Zeek aka Bro

Version 4.0.0
Vendor products Zeek aka Bro versions 2.1, 2.2, 2.3, 2.4, 2.5
Add-on has a web UI No. This add-on does not contain any views.

The Splunk Add-on for Zeek aka Bro allows a Splunk software administrator to analyze packet capture data directly or use it as a contextual data feed to correlate with other vulnerability related data in the Splunk plaftorm.

This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

Download the Splunk Add-on for Zeek aka Bro from Splunkbase.

For a summary of new features, fixed issues, and known issues, see Release Notes for the Splunk Add-on for Zeek aka Bro.

For information about installing and configuring this Splunk supported add-on, see the installation and configuration overview topic in this manual.

See the Splunk Community page for questions related to this add-on.

Last modified on 21 July, 2021
Source types for the Splunk Add-on for Zeek aka Bro

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters