About the Splunk Add-on for OSSEC
|Vendor Products||OSSEC 2.7 or later|
The Splunk Add-on for OSSEC allows a Splunk software administrator to collect alert events from OSSEC servers over syslog. The add-on collects the following alert data from OSSEC:
- File Integrity Management (FIM) data
- FTP data
- su data
- ssh data
- Windows data, including audit and logon information
At this time, the add-on does not support data collection for OSSEC daemon logs, agent logs, or logs from the active response module.
After the Splunk platform indexes the events, you can consume the data using the prebuilt panels included with the add-on. This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.
Download the Splunk Add-on for OSSEC from Splunkbase at http://splunkbase.splunk.com/app/2808.
Discuss the Splunk Add-on for OSSEC on Splunk Answers at http://answers.splunk.com/answers/app/2808.
Source types for the Splunk Add-on for OSSEC
This documentation applies to the following versions of Splunk® Supported Add-ons: released