Security Onion App for Splunk

Enterprise customers utilizing Splunk can now install the Security Onion App for Splunk.

Warning

The Security Onion App for Splunk is not officially supported at this time.

Requirements

Note

The Security Onion App for Splunk utilizes the Security Onion Connect API, which is an enterprise-level feature of Security Onion. Contact Security Onion Solutions, LLC via our website at https://securityonion.com/pro for more information about purchasing a Security Onion Pro license to enable this feature.

Configuration

See https://splunkbase.splunk.com/app/7887 to get started.

Note

A Connect API Client must be created in the Security Onion API Clients screen. The API Client should be granted the permissions needed to perform the tasks that the Splunk app will execute.