About the Splunk Add-on for OSSEC
|Vendor Products||OSSEC 3.6.0|
The Splunk Add-on for OSSEC collects the following OSSEC alert information:
- File Integrity Management (FIM) data
- FTP data
- su data
- ssh data
- Windows data, including audit and logon information
At this time, the add-on does not support data collection for OSSEC daemon logs, agent logs, or logs from the active response module.
This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.
Download the Splunk Add-on for OSSEC from Splunkbase at http://splunkbase.splunk.com/app/2808.
Discuss the Splunk Add-on for OSSEC on Splunk Answers at http://answers.splunk.com/answers/app/2808.
Hardware and software requirements for the Splunk Add-on for OSSEC
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!