{"id":24678724,"url":"https://github.com/contrast-security-oss/contrastsplunkapp","last_synced_at":"2025-03-21T18:25:04.055Z","repository":{"id":47656320,"uuid":"99717843","full_name":"Contrast-Security-OSS/ContrastSplunkApp","owner":"Contrast-Security-OSS","description":"Contrast Security App for Splunk","archived":false,"fork":false,"pushed_at":"2021-08-19T13:11:07.000Z","size":2368,"stargazers_count":2,"open_issues_count":0,"forks_count":2,"subscribers_count":40,"default_branch":"master","last_synced_at":"2025-03-16T03:45:00.353Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Contrast-Security-OSS.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-08-08T17:15:37.000Z","updated_at":"2021-12-22T21:42:53.000Z","dependencies_parsed_at":"2022-09-08T00:21:10.762Z","dependency_job_id":null,"html_url":"https://github.com/Contrast-Security-OSS/ContrastSplunkApp","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2FContrastSplunkApp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2FContrastSplunkApp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2FContrastSplunkApp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Contrast-Security-OSS%2FContrastSplunkApp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Contrast-Security-OSS","download_url":"ht
tps://codeload.github.com/Contrast-Security-OSS/ContrastSplunkApp/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244846012,"owners_count":20520062,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-26T13:18:03.616Z","updated_at":"2025-03-21T18:25:04.033Z","avatar_url":"https://github.com/Contrast-Security-OSS.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Contrast Security App for Splunk\n\nContrast Security App for Splunk allows you to visualize the security of your running application like never before. Contrast Security App for Splunk provides actionable and timely application threat intelligence across your entire application portfolio. Contrast Security instrumented applications self-report the following about an attack – the attacker’s IP address, authenticated username, method of attack, which applications, servers, frequency, volume, and level of compromise. In addition, Contrast Security also provides specific guidance to engineering teams on where applications were attacked and how threats can be remediated. Finally, Contrast Security's Log Enhancement capability extends this visibility into the inner workings of application and user behavior.  Log Enhancers enable users to log anything in an application.\n \nAll of this intelligence is streamed directly into Splunk, allowing you to quickly and efficiently identify key problem areas and respond to attacks faster than ever before.\n \n  \n ## Installation Instructions\n\n ### 1. 
Install Contrast Security App\n\n * Download the packaged app from [Splunk marketplace](https://splunkbase.splunk.com/app/4140/) or [GitHub](releases).\n * Click the Settings gear icon next to Apps\n * Click install app from file.\n\n\n ### 2. Set up syslog receiver\n\n   Contrast Security agents stream SIEM events as UDP syslog events in CEF format. \n\n * Click on Settings -\u003e Data Input\n * Add new UDP listener\n\n   Reuse port 514 or choose a different port\n ![alt text](./images/UDP_Listeners.png \"UDP Listeners\")\n   Select source_type as contrast_events\n ![alt text](./images/UDP_Listener.png \"UDP Listener\")\n\n\n## Dashboards\nThe default dashboard looks like this ...\n\n![alt text](./images/AttackSummary.png \"Attack Dashboard\")\n\nWe also show a geographical view of attack sources. The charts are all drill-down charts.\n\n![alt text](./images/GeographicalView.png \"Attack Distribution\")\n\n## Reports\nAll events reported by Contrast Security.\n![alt text](./images/Events.png \"Contrast Security Events\")\n\n## Search\nContrast Security adds a new event type. You can customize the search using the Splunk query language.\n![alt text](./images/Search.png \"Contrast Security Events\")\n\n\n \n ## Developer Instructions\n\nTo learn how to write an app for Splunk, please refer to [Splunk Website](http://dev.splunk.com/view/webframework-developapps/SP-CAAAEMY).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrast-security-oss%2Fcontrastsplunkapp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcontrast-security-oss%2Fcontrastsplunkapp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcontrast-security-oss%2Fcontrastsplunkapp/lists"}