Tripwire TA that integrates with Splunk Enterprise...

shandman · ‎09-25-2017

The last post I see on this subject is almost three years old. Does anyone know if there is a Tripwire TA that integrates with the Splunk Enterprise Security Application? We are following best practice of not installing additional apps onto our Splunk Enterprise Security Cluster, so I'm not interesting in whether there is an app that CAN be installed in parrellel with Splunk ES. Rather, I'm looking for a TA that tags the tripwire data correctly and will integrate it with Splunk ES.

rpille_splunk · ‎09-25-2017

It looks like the community-supported TAs https://splunkbase.splunk.com/app/3058/ and https://splunkbase.splunk.com/app/3052/ are both CIM-compliant, per their descriptions (even though unfortunately the splunkbase tags for CIM compliance are not applied, so that's hard to discover.) Any add-on that is CIM compliant should work with Spunk Enterprise Security, provided the CIM compliance is correctly implemented in those TAs.

shandman · ‎09-25-2017

Thank you for the response. I'm hoping someone out there has verified the CIM compliance / integration and will comment here. 🙂

Tripwire TA that integrates with Splunk Enterprise Security?

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

.conf24 | Session Scheduler is Live!!

Introducing the Splunk Community Dashboard Challenge!