Monitoring Splunk
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk & Ossec intergration

monitor
New Member
‎04-30-2010 07:38 PM

Splunk seems like an all around tool.

What is the advantage of incorporating the Ossec system into or with Splunk?

0 Karma
Reply

jhuebner
Explorer
‎10-20-2010 05:51 PM

The reporting and searching is much easier using SPLUNK to look at & do searches on the OSSEC data. The newest version of SPLUNK and the OSSEC plugin give you a whole new set of features.

I've not updated to the 2.5.1 version, I'm still on 2.4, but I think I'll give it a try, x.x.1 just came out.

0 Karma
Reply

esweeney
Splunk Employee
Splunk Employee
‎09-08-2010 10:26 PM

Users incorporate OSSEC alerts into Splunk to eliminate the need for a dedicated OSSEC web interface and allow for simplified incident analysis through aggregation and correlation.

Check out the app on Splunkbase: http://www.splunkbase.com/apps/All/4.x/app:Splunk+for+OSSEC+-+Splunk+v4+version

And an older blog detailing the value one company finds: http://www.ossec.net/main/splunk-ossec-integration

Reply

rayfoo
Path Finder
‎05-05-2010 12:10 PM

One that i can think of is that you can summarize data, or customize reports from Splunk, using OSSEC as an input.

Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...