Hi billcyz,
There are two possibilities here, but I think that nowadays neither Splunk nor any app supports either of them.
1. Decryption. It's not easy to do this; as far as I know, only some HTTPS proxies (Squid: http://wiki.squid-cache.org/Features/SslBump) can do something like a MITM: decrypt the data, generate a self-signed certificate and use some mimicking technique to make it look like the original one. But even if that is possible, I don't know of any procedure to take the data out of Squid and analyze the raw data.
2. Drawing a packet in a human-readable way, like Wireshark does, for example. That's only possible with raw traffic, not SSL. And anyway, I don't know how Splunk could do this; I don't know of any app or method.
However, in this case you're trying to decipher SecureShell (SSH) traffic, and I guess that's not going to be possible. But regarding Snort, the most straightforward way to get Snort data into Splunk is using Splunk for Snort (https://splunkbase.splunk.com/app/340/ ). It's CIM compliant, so it will be possible to integrate that information with the Splunk App for Enterprise Security.
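For readers who want to see what the SslBump interception mentioned in the reply above looks like in practice, here is a minimal Squid configuration fragment. It is an added example, not part of the original post or of the Squid project's documentation: the file paths, the CA bundle name (myCA.pem) and the exempted domain are assumptions, and the directive names are the ones Squid 3.5/4 document for SslBump.

```conf
# Added example (not from the original post). Squid 3.5/4 SslBump:
# intercept TLS, decrypt it, and hand the client a leaf certificate that
# mimics the origin server's (same subject/SANs) but is signed by a CA the
# proxy controls. Paths and the CA file name below are assumptions.

# myCA.pem holds the proxy CA's certificate AND private key. Clients must
# trust this CA; otherwise every bumped site shows a certificate warning,
# which is exactly the defense that stops an attacker doing the same thing.
http_port 3128 ssl-bump cert=/etc/squid/myCA.pem generate-host-certificates=on dynamic_cert_mem_cache_size=4MB

# Helper that mints the mimicked leaf certificates on demand and caches
# them on disk. Squid 3.5 ships it as ssl_crtd; Squid 4+ calls it
# security_file_certgen. Initialise the db once before starting Squid:
#   /usr/lib/squid/ssl_crtd -c -s /var/lib/squid/ssl_db
sslcrtd_program /usr/lib/squid/ssl_crtd -s /var/lib/squid/ssl_db -M 4MB

# Step 1 of the handshake: peek at the ClientHello to learn the requested
# server name (SNI) without yet committing to decrypt.
acl step1 at_step SslBump1

# Traffic that must stay opaque (pinned apps, anything you are not allowed
# to inspect) is spliced through untouched instead of being bumped.
# Hypothetical domain for illustration only.
acl nobump ssl::server_name .example-bank.test

ssl_bump peek step1
ssl_bump splice nobump
ssl_bump bump all
```

Two practical caveats: certificate pinning (mobile apps, some browsers for their own domains) will break rather than be silently intercepted, so the splice rule is not optional in a real deployment; and because the proxy CA can forge a certificate for any name, its private key deserves the same protection as any internal CA key.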