Splunk® Supported Add-ons

Splunk Add-on for OSSEC

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

About the Splunk Add-on for OSSEC

Version 4.1.0
Vendor Products OSSEC 3.6.0

The Splunk Add-on for OSSEC collects the following OSSEC alert information:

  • File Integrity Management (FIM) data
  • FTP data
  • su data
  • ssh data
  • Windows data, including audit and logon information

At this time, the add-on does not support data collection for OSSEC daemon logs, agent logs, or logs from the active response module.

This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.

Download the Splunk Add-on for OSSEC from Splunkbase at http://splunkbase.splunk.com/app/2808.

Discuss the Splunk Add-on for OSSEC on Splunk Answers at http://answers.splunk.com/answers/app/2808.

Last modified on 21 July, 2021
  NEXT
Hardware and software requirements for the Splunk Add-on for OSSEC

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters