Monitoring Splunk

Splunk & Ossec intergration

monitor
New Member

Splunk seems like an all around tool.

What is the advantage of incorporating the Ossec system into or with Splunk?

0 Karma

jhuebner
Explorer

The reporting and searching is much easier using SPLUNK to look at & do searches on the OSSEC data. The newest version of SPLUNK and the OSSEC plugin give you a whole new set of features.

I've not updated to the 2.5.1 version, I'm still on 2.4, but I think I'll give it a try, x.x.1 just came out.

0 Karma

esweeney
Splunk Employee
Splunk Employee

Users incorporate OSSEC alerts into Splunk to eliminate the need for a dedicated OSSEC web interface and allow for simplified incident analysis through aggregation and correlation.

Check out the app on Splunkbase: http://www.splunkbase.com/apps/All/4.x/app:Splunk+for+OSSEC+-+Splunk+v4+version

And an older blog detailing the value one company finds: http://www.ossec.net/main/splunk-ossec-integration

rayfoo
Path Finder

One that i can think of is that you can summarize data, or customize reports from Splunk, using OSSEC as an input.

Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...