https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Ossec-intergration/m-p/12726#M67 <P>Users incorporate OSSEC alerts into Splunk to eliminate the need for a dedicated OSSEC web interface and allow for simplified incident analysis through aggregation and correlation.</P> <P>Check out the app on Splunkbase: <A href="http://www.splunkbase.com/apps/All/4.x/app:Splunk+for+OSSEC+-+Splunk+v4+version" rel="nofollow">http://www.splunkbase.com/apps/All/4.x/app:Splunk+for+OSSEC+-+Splunk+v4+version</A></P> <P>And an older blog detailing the value one company finds: <A href="http://www.ossec.net/main/splunk-ossec-integration" rel="nofollow">http://www.ossec.net/main/splunk-ossec-integration</A></P> Thu, 09 Sep 2010 05:26:28 GMT esweeney 2010-09-09T05:26:28Z https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Ossec-intergration/m-p/12724#M65 <P>Splunk seems like an all around tool. </P> <P>What is the advantage of incorporating the Ossec system into or with Splunk?</P> Sat, 01 May 2010 02:38:24 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Ossec-intergration/m-p/12724#M65 monitor 2010-05-01T02:38:24Z https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Ossec-intergration/m-p/12725#M66 <P>One that i can think of is that you can summarize data, or customize reports from Splunk, using OSSEC as an input.</P> Wed, 05 May 2010 19:10:57 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Ossec-intergration/m-p/12725#M66 rayfoo 2010-05-05T19:10:57Z https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Ossec-intergration/m-p/12726#M67 <P>Users incorporate OSSEC alerts into Splunk to eliminate the need for a dedicated OSSEC web interface and allow for simplified incident analysis through aggregation and correlation.</P> <P>Check out the app on Splunkbase: <A href="http://www.splunkbase.com/apps/All/4.x/app:Splunk+for+OSSEC+-+Splunk+v4+version" rel="nofollow">http://www.splunkbase.com/apps/All/4.x/app:Splunk+for+OSSEC+-+Splunk+v4+version</A></P> <P>And an older blog detailing the value one company finds: <A href="http://www.ossec.net/main/splunk-ossec-integration" rel="nofollow">http://www.ossec.net/main/splunk-ossec-integration</A></P> Thu, 09 Sep 2010 05:26:28 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Ossec-intergration/m-p/12726#M67 esweeney 2010-09-09T05:26:28Z https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Ossec-intergration/m-p/12727#M68 <P>The reporting and searching is much easier using SPLUNK to look at &amp; do searches on the OSSEC data. The newest version of SPLUNK and the OSSEC plugin give you a whole new set of features.</P> <P>I've not updated to the 2.5.1 version, I'm still on 2.4, but I think I'll give it a try, x.x.1 just came out.</P> Thu, 21 Oct 2010 00:51:39 GMT https://community.splunk.com/t5/Monitoring-Splunk/Splunk-Ossec-intergration/m-p/12727#M68 jhuebner 2010-10-21T00:51:39Z