The documentation[1] for the Splunk Stream does not include SSH as one of the recognized protocols for field extraction. I'd like the capability to extract, for example, the SSH keys (fingerprints) as part of our threat intelligence collection (eg, see [2]). Is this possible with Splunk Stream? If not, how do we get this into the product team's hands to get this support added?
1: http://docs.splunk.com/Documentation/StreamApp/7.0.0/DeployStreamApp/ProtocolDetection
2: https://www.bro.org/sphinx-git/scripts/base/bif/plugins/Bro_SSH.events.bif.bro.html
@jeff
unfortunately, Stream currently doesn't dissect SSH. It's on our roadmap for 2017.
@jeff
unfortunately, Stream currently doesn't dissect SSH. It's on our roadmap for 2017.