Skip to content

b4b857f6ee/Selks

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

92 Commits
 
 
 
 
 
 
 
 

Repository files navigation

Selks

Splunk Application for Selks IDS

The goal of this application is to provide a dashboard on Selks for Splunk using the log of the eve.json of the suricata of the appliance This application provide you the same dashboard you can found on the appliance directly.

Please install the TA-Suricata before : https://splunkbase.splunk.com/app/2760/

Selks project : https://github.com/StamusNetworks/SELKS

Splunk - Installation

Connect to your splunk installation

create a index call "ids"

cd $HOME_SPLUNK/etc/apps

wget https://github.com/b4b857f6ee/Selks/archive/master.zip

unzip master.zip

mv Selks-master/Selks ./

mv Selks

rm -rf Selks-master/

chown splunk:splunk -R Selks (only if your are using Splunk as splunk user and not root)

restart splunk

Selks Configuration

I am sending the logs with UF of the /var/log/suricata/eve.json

Check the splunk index to be sure.

index=ids

Release Notes

About

Splunk Application for Selks IDS

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published