
CiscoSecurity/tg-05-cisco-secure-malware-analytics-add-on


Cisco Secure Malware Analytics Add-On:

The Cisco Secure Malware Analytics Add-On for Splunk uses the Secure Malware Analytics API to enrich events within Splunk. It does this by pulling your organization's submission data into Splunk, where it becomes searchable by timestamp, threat score, the user who submitted the sample, and other fields.

Installation guides:

  1. Installation from Store:

    • Login to your Splunk instance.

    • On the top left of the homescreen click on the "Manage" button

    • On the top right click the "Browse more apps" button


    • Search for "Cisco Secure Malware Analytics Add-on"


    • Click the "Install" button on the Add-on card.

    • The add-on should then appear in the Apps bar on the homescreen of your Splunk instance.

  2. Installation from the file:

    • Download Cisco Secure Malware Analytics Add-On for Splunk from Splunkbase here: https://splunkbase.splunk.com/app/4251/

    • Login to your Splunk instance

    • On the top left of the homescreen click on the "App Settings" button

    • On the "Manage" page click the "Install app from file" button on the top right


    • On the "Upload app" page click the "Choose File" button and select the downloaded file in the file dialog

    • Click the "Upload" button

    • The add-on should then appear in the Apps bar on the homescreen of your Splunk instance.

Configuration Guide

  1. In the Apps bar on the homescreen click on the "Cisco Secure Malware Analytics" icon


  2. Go to the Configuration tab

  3. Click the "Add Account" button


  4. Fill out the form to create an Account that will be used when creating Inputs:

    • Account name - Enter a title for the account.
    • Host - Enter the host of your Cisco Secure Malware Analytics instance.
    • API Key - Enter the API key from your Cisco Secure Malware Analytics instance. This key grants read access to your organization's submission data, so treat it as a secret and use a dedicated key for the add-on where possible.
  5. If needed, add proxy settings.

  6. Go to the Inputs tab

  7. Click the "Create New Input" button


  8. Fill out the form to create an Input:

    • Name - Enter a name for the input.
    • Interval - Enter the time interval in seconds between API queries. It is recommended to keep the default value.
    • Index - Choose the index in which events will be created.
    • After - Enter the lookback period for each query, i.e. how far back in time each poll requests submissions. It is recommended to keep the default value.
    • Global Account - Choose the account you would like to use for the new input.
  9. Go to the Search tab to search for events.

Note: To restrict a search to the add-on's events, add sourcetype="cisco:sma:data" or source="cisco_secure_malware_analytics_input://<name_of_the_input>" to the search expression.
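The Interval and After settings interact: because After is a lookback window and Interval is the polling period, any lookback longer than the interval makes consecutive polls overlap, and the same submission falls inside two or more windows. The following is an added example, not the add-on's own code, that models that overlap and shows why a checkpoint of already-ingested submission IDs is needed to avoid duplicate events in the index. The record layout (an `id` and a `timestamp` in epoch seconds, plus a `threat_score`) and the sample submissions are constructed for illustration; the real field names returned by the Secure Malware Analytics API are not shown on this page.

```python
"""Model of how the Inputs form's Interval and After settings produce
overlapping poll windows, and how a checkpoint prevents duplicate events.

Added example, not code from the add-on. Record field names ('id',
'timestamp', 'threat_score') are assumptions for illustration only.
"""
from dataclasses import dataclass, field


@dataclass
class Checkpoint:
    """Submission IDs already ingested, with their timestamps so old
    entries can be pruned once they fall outside the lookback window."""
    seen: dict = field(default_factory=dict)  # id -> timestamp

    def prune(self, before):
        # Drop IDs that can no longer appear in any future window.
        self.seen = {k: v for k, v in self.seen.items() if v >= before}


def poll_window(now, after):
    """Return the (start, end) time range a poll at `now` requests,
    given a lookback of `after` seconds."""
    return now - after, now


def overlap_seconds(interval, after):
    """Seconds by which two consecutive windows overlap (0 when the
    lookback is not longer than the polling interval)."""
    return max(0, after - interval)


def ingest(submissions, window, checkpoint):
    """Return only the submissions in `window` that have not been
    ingested before, updating the checkpoint as a side effect."""
    start, end = window
    checkpoint.prune(start)
    new = []
    for sub in submissions:
        ts = sub["timestamp"]
        if not (start <= ts <= end):
            continue  # outside this poll's lookback window
        if sub["id"] in checkpoint.seen:
            continue  # already indexed by an earlier, overlapping poll
        checkpoint.seen[sub["id"]] = ts
        new.append(sub)
    return new


def simulate(submissions, start_time, interval, after, polls):
    """Run `polls` consecutive polls. Returns (events emitted with a
    checkpoint, events that would be emitted without one)."""
    checkpoint = Checkpoint()
    with_cp = without_cp = 0
    for i in range(polls):
        window = poll_window(start_time + i * interval, after)
        with_cp += len(ingest(submissions, window, checkpoint))
        without_cp += sum(
            1 for s in submissions if window[0] <= s["timestamp"] <= window[1]
        )
    return with_cp, without_cp


# Constructed sample submissions (not real API output).
SAMPLE = [
    {"id": "sub-1", "timestamp": 1000.0, "threat_score": 95},
    {"id": "sub-2", "timestamp": 1050.0, "threat_score": 10},
    {"id": "sub-3", "timestamp": 1500.0, "threat_score": 70},
]

if __name__ == "__main__":
    # Interval 300 s with a 600 s lookback: every window overlaps the
    # previous one by 300 s, so two submissions are seen twice.
    print("overlap:", overlap_seconds(300, 600), "seconds")
    print("emitted (with / without checkpoint):",
          simulate(SAMPLE, 1100.0, 300, 600, 3))
```

With three polls at 1100, 1400 and 1700 over a 600-second lookback, the checkpointed run emits each of the three sample submissions once, whereas the naive run emits five events because `sub-1` and `sub-2` fall inside the first two windows. If you do see duplicate events after changing After, this overlap is the first thing to check.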