×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
rhinzman
Engager
Member since: ‎07-28-2014
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 6
Member Since ‎07-28-2014
Activity Feed
View All

Re: Are there plans to update Security Onion app f...

by in All Apps and Add-ons
‎05-03-2017 05:25 PM
1 Karma
‎05-03-2017 05:25 PM
1 Karma
I have gone through and started working on this problem personally. Best bet is to implement the TA-Bro, Snort and Suricata apps if all you need is splunk event ingest. Splunk 6.6 provides the ability now to build drilldown dashboards without XML markup much like the security Onion Dashboards are built. In lieu of waiting for the author to make the necessary changes, you could modify the props.conf, transforms.conf and inputs.conf to suit your particular instance of security onion. Make sure that the fields referenced in the transforms.conf match your BroIDS version. THose fields have a habit of changing per build of BroIDS. Also if you want to get snort alerts you may forward the alerts to local syslog facility and bring them into Splunk that way. This is only a temporary fix in the event the author does not update for a while. Please feel free to contact me and I can provide the transforms I am using with a Security Onion 14.04.5.2 build. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:03 AM
Karma from
View All