Splunk: commonly used resources

Splunk Add-on for Check Point OPSEC LEA version 4.3.1
Copyright (C) 2018 Splunk Inc. All Rights Reserved.
For documentation, see: http://docs.splunk.com/Documentation/AddOns/latest/OPSEC-LEA
Install on the forwarder.

Step 1. Remove the app
    cd /opt/splunk/etc/apps/
    rm -rf Splunk_TA_checkpoint-opseclea
Step 2. Restart
    /opt/splunk/bin/splunk restart

Register:
    subscription-manager register --username=<username> --password=<password> --auto-attach

    yum install -y glibc.i686
    yum install -y pam
    yum install -y pam.i686

Forwarder configuration
http://www.mottoin.com/tech/115392.html
https://docs.splunk.com/Documentation/Forwarder/7.2.1/Forwarder/Configureforwardingwithoutputs.conf

Splunk Add-on
https://docs.splunk.com/Documentation/AddOns

Splunk APP
https://splunkbase.splunk.com/

Splunk Answers
https://answers.splunk.com/index.html

Splunk Universal Forwarder
https://www.splunk.com/en_us/download/universal-forwarder.html
https://www.splunk.com/page/previous_releases/universalforwarder
https://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/InstallaWindowsuniversalforwarderfromaninstaller#Choose_the_account_that_the_universal_forwarder_should_use

https://blog.csdn.net/yeah_go/article/details/77894540
Navigation terms: collection (a grouping), view (a view), a href (a link).
A navigation item can be a view or a collection.
A collection item can contain multiple views, href links, or sub-items.
Configuration location: Settings > User interface > Views, Navigation menus

Advanced development manual
http://docs.splunk.com/Documentation/Splunk/latest/AdvancedDev
https://docs.splunk.com/Documentation/Splunk/7.2.4/Admin/Webconf
https://docs.splunk.com/Documentation/Splunk/7.2.4/Admin/Appconf#app.conf.spec

APP
http://splunk.force.com/SplunkCloud?prdType=EnterpriseSecurity&_ga=2.92242522.1900337799.1548724259-798176765.1547514836

Splunk Apps site
http://apps.splunk.com

Check Point App for Splunk
https://splunkbase.splunk.com/app/4293/
https://sc1.checkpoint.com/documents/App_for_Splunk/html_frameset.htm
http://supportcontent.checkpoint.com/solutions?id=sk122323
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk31311&partition=General&product=SmartView

R80.10 Log Exporter T43 sk122323
https://supportcenter.checkpoint.com/supportcenter/portal?action=portlets.DCFileAction&eventSubmit_doGetdcdetails=&fileid=62128

Splunk Enterprise Security
https://splunkbase.splunk.com/app/263/
https://splunkbase.splunk.com/app/2897/

Use Splunk Enterprise Security
https://docs.splunk.com/Documentation/ES/4.5.0/User/Overview

About the Splunk Add-on for Websense DLP
https://docs.splunk.com/Documentation/AddOns/released/WebsenseDLP/About
Install on the search head.
    cd /opt/splunk/etc/apps
    rm -rf Splunk_TA_websense-dlp
    /opt/splunk/bin/splunk restart

The Splunk Add-on for Microsoft SQL Server
https://docs.splunk.com/Documentation/AddOns/released/MSSQLServer/About

Command Modular Input
https://splunkbase.splunk.com/app/1553/

Check Point App for Splunk
https://splunkbase.splunk.com/app/4293/
https://sc1.checkpoint.com/documents/App_for_Splunk/html_frameset.htm
(forwarder, indexer, and search head).

Simplified Chinese manuals
https://docs.splunk.com/Documentation/Splunk/6.5.0/Translated/SimplifiedChinesemanuals

Search command reference
https://docs.splunk.com/Documentation/Splunk/7.2.5/SearchReference/Collect

Command quick reference
https://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/ListOfSearchCommands

Summary of Splunk tool apps and add-ons
https://blog.csdn.net/ffjl1985/article/details/78626506

Summary of Splunk network apps and add-ons
https://blog.csdn.net/ffjl1985/article/details/78626252

Overview of Splunk apps and add-ons | Splunk
http://dev.splunk.com/view/SP-CAAAFDW

Summary of Splunk database apps and add-ons
https://blog.csdn.net/ffjl1985/article/details/78626288

Splunk Supporting Add-on for Active Directory
https://splunkbase.splunk.com/app/1151/
https://docs.splunk.com/Documentation/SA-LdapSearch/2.2.0/User/AbouttheSplunkSupportingAdd-onforActiveDirectory

Splunk App for Microsoft Exchange
https://splunkbase.splunk.com/app/1660/

Palo Alto Networks App for Splunk
https://splunkbase.splunk.com/app/491/
https://www.paloaltonetworks.com/cyberpedia/how-to-break-the-cyber-attack-lifecycle

NTsyslog
http://ntsyslog.sourceforge.net/
https://sourceforge.net/projects/ntsyslog/files/Installer/NTSyslog%201.15%20%28full%29/

Evtsys: easily convert Windows logs to syslog
http://sns.iianews.com/space-527920-do-blog-id-11536.html
https://www.snaresolutions.com/products/snare-agents/open-source-agents/

Rule library
https://xz.aliyun.com/t/1974
Parsing rules, correlation rules, merge rules, multi-log rules, linkage rules

ThreatBook (微步在线)
https://x.threatbook.cn/api
Threat intelligence
https://threatbook.cn/product/tip

Splunk User Behavior Analytics (Splunk UBA)
https://splunkbase.splunk.com/app/2941/#/overview

Splunk App for Unix and Linux
https://splunkbase.splunk.com/app/273/

Forwarding configuration file
/opt/splunk/etc/system/local/outputs.conf

Receiving configuration file
/opt/splunk/etc/system/local/inputs.conf

https://www.kiwisyslog.com/downloads
Paid; 60-day trial.

Splunk App for VMware
https://splunkbase.splunk.com/app/725/

Splunk Add-on for VMware
https://splunkbase.splunk.com/app/3215/

Splunk OVA for VMware
https://splunkbase.splunk.com/app/3216/

F5 Networks - LTM
https://splunkbase.splunk.com/app/812/

Splunk Add-on for F5 BIG-IP
https://splunkbase.splunk.com/app/2680/
https://docs.splunk.com/Documentation/AddOns/latest/F5BIGIP/About

Set up user authentication with LDAP
https://docs.splunk.com/Documentation/Splunk/latest/Security/SetUpUserAuthenticationWithLDAP

Splunk Add-on for NGINX (Search Heads)
https://splunkbase.splunk.com/app/3258/
https://docs.splunk.com/Documentation/AddOns/latest/nginx/About
https://www.weblogexpert.com/info/NginxLogs.htm
https://www.weblogexpert.com/sample/index.htm
http://nginx.org/en/docs/http/ngx_http_log_module.html
https://docs.nginx.com/nginx/admin-guide/monitoring/logging/
https://*.com/questions/25591828/nginx-logging-to-syslog

Splunk Add-on for ISC BIND
https://splunkbase.splunk.com/app/2876/#/details
https://docs.splunk.com/Documentation/AddOns/latest/ISCBIND/About

Splunk DB Connect
《Splunk智能运维实战》 p. 204
https://splunkbase.splunk.com/app/2686/
https://docs.splunk.com/Documentation/DBX/latest

To use Splunk DB Connect in a distributed search environment, including search head clusters, you must determine the planned use cases. For ad hoc, interactive usage of database connections by live users, install the app on search head(s). For scheduled indexing from databases and output of data to databases, install the app on heavy forwarder(s).

When planning a large DB Connect deployment, the ideal configuration for your needs can depend on a number of factors, including:
* Total number of Forwarders in the deployment, and the hardware specifications of each.
* Total expected data volume to transfer.
* Number of database inputs per Forwarder.
* Dataset size, per input, per interval.
* Execution Frequency, the interval length between a database input's separate executions.
* Fetch size (note that not all JDBC drivers use this parameter for returning result sets).

https://dev.mysql.com/downloads/connector/j/
https://docs.microsoft.com/en-us/sql/connect/jdbc/microsoft-jdbc-driver-for-sql-server?view=sql-server-2017

Trend Micro Deep Security for Splunk
https://splunkbase.splunk.com/app/1936/

Splunk Add-on for Apache Web Server
https://splunkbase.splunk.com/app/3186/
https://www.loggly.com/ultimate-guide/centralizing-apache-logs/
http://httpd.apache.org/docs/current/mod/mod_log_config.html
https://docs.splunk.com/Documentation/AddOns/latest/ApacheWebServer/About

Splunk App for Web Analytics
https://splunkbase.splunk.com/app/2699/#/details

Website Monitoring
https://splunkbase.splunk.com/app/1493/#/details

Web Page Monitor
https://splunkbase.splunk.com/app/29/#/overview

Splunk Add-on for Microsoft IIS
https://splunkbase.splunk.com/app/3185/
https://docs.splunk.com/Documentation/AddOns/latest/MSIIS/About

Splunk Add-on for Microsoft Windows DNS
https://splunkbase.splunk.com/app/3208/

DDST DNS Analytics for Splunk
https://splunkbase.splunk.com/app/1090/

Windows DNS Logs Analytics
https://splunkbase.splunk.com/app/3012/

DNS Insight
https://splunkbase.splunk.com/app/1827/#/details

Farsight DNSDB for Splunk
https://splunkbase.splunk.com/app/3050/

syslog-ng Open Source Edition - Technical Documentation
https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition/3.20

Installing latest syslog-ng on RHEL and other RPM distributions
https://www.syslog-ng.com/community/b/blog/posts/installing-latest-syslog-ng-on-rhel-and-other-rpm-distributions

See how to optimize SIEM with syslog-ng
https://www.youtube.com/watch?v=-mlhu9dSpe0

Scaling to large networks with syslog-ng
https://www.youtube.com/watch?v=NAtKt5wrV3c

Using syslog-ng with splunk
https://www.splunk.com/blog/2016/03/11/using-syslog-ng-with-splunk.html

Syslog for windows
https://nxlog.co/products/all/download
https://nxlog.co/docs/nxlog-ce/nxlog-reference-manual.html

Summary of Splunk storage apps and add-ons

https://blog.csdn.net/ffjl1985/article/details/78626333  

Summary of Splunk tool apps and add-ons

https://blog.csdn.net/ffjl1985/article/details/78626506

Automatic report delivery (Report Sender), download:
https://apps.splunk.com/app/2614/

PDF Report Capture for Splunk
https://splunkbase.splunk.com/app/4132/

Smart PDF Exporter for Splunk
https://splunkbase.splunk.com/app/4030/#/details

REST API Modular Input
https://splunkbase.splunk.com/app/1546/

Network Tools (Ping, dns, Whois, speedtest)
https://splunkbase.splunk.com/app/3491/

Ping federations
https://splunkbase.splunk.com/app/976/

Splunk Add-on for Infoblox
https://splunkbase.splunk.com/app/2934/#/details
https://docs.splunk.com/Documentation/AddOns/latest/Infoblox/About

Splunk self-signed certificates
https://docs.splunk.com/Documentation/Splunk/7.0.3/Security/Howtoself-signcertificates

Infoblox Intelligence
https://splunkbase.splunk.com/app/4472/
https://splunkbase.splunk.com/app/4472/#/details

Infoblox ActiveTrust Cloud
https://splunkbase.splunk.com/app/3850/

Splunk Common Information Model (CIM)
https://splunkbase.splunk.com/app/1621/#/details
https://docs.splunk.com/Documentation/CIM/latest/User/Overview