
Splunk SIEM App

The Splunk SIEM App looks up IP addresses in the CrowdSec CTI API through a custom search command called cssmoke. For each IP it returns what CrowdSec's network has observed: the kinds of attacks the IP has been seen participating in, plus CrowdSec's own enrichment such as the background noise score and how its aggressiveness has evolved over time.

Installation

The Splunk SIEM App is published on Splunkbase; download and install it from there.

Usage

  • Get an API key for the CrowdSec CTI API by following this guide.

  • Complete the App setup by entering your API key.

[Screenshot: setup view]

  • Test it by running the query | makeresults | eval ip="8.8.8.8" | cssmoke ipfield="ip" (ipfield names the field that holds the IP to look up; the result rows carry the CTI enrichment for that IP).

[Screenshot: example output]