Tripwire TA that integrates with Splunk Enterprise...

shandman · ‎09-25-2017

The last post I see on this subject is almost three years old. Does anyone know if there is a Tripwire TA that integrates with the Splunk Enterprise Security Application? We are following best practice of not installing additional apps onto our Splunk Enterprise Security Cluster, so I'm not interesting in whether there is an app that CAN be installed in parrellel with Splunk ES. Rather, I'm looking for a TA that tags the tripwire data correctly and will integrate it with Splunk ES.

rpille_splunk · ‎09-25-2017

It looks like the community-supported TAs https://splunkbase.splunk.com/app/3058/ and https://splunkbase.splunk.com/app/3052/ are both CIM-compliant, per their descriptions (even though unfortunately the splunkbase tags for CIM compliance are not applied, so that's hard to discover.) Any add-on that is CIM compliant should work with Spunk Enterprise Security, provided the CIM compliance is correctly implemented in those TAs.

shandman · ‎09-25-2017

Thank you for the response. I'm hoping someone out there has verified the CIM compliance / integration and will comment here. 🙂

Tripwire TA that integrates with Splunk Enterprise Security?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform