{"id":28486136,"url":"https://github.com/fox-it/dissect-add-on-for-splunk","last_synced_at":"2026-02-08T03:02:21.948Z","repository":{"id":262838768,"uuid":"867511877","full_name":"fox-it/dissect-add-on-for-splunk","owner":"fox-it","description":"A splunk plugin that provides sourcetyping for ingestion and processing of dissect records","archived":false,"fork":false,"pushed_at":"2025-02-20T12:21:39.000Z","size":24,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":5,"default_branch":"main","last_synced_at":"2026-01-26T13:53:06.654Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fox-it.png","metadata":{"files":{"readme":"README.MD","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-10-04T07:52:08.000Z","updated_at":"2025-02-20T12:07:12.000Z","dependencies_parsed_at":"2024-11-14T15:39:28.890Z","dependency_job_id":"f05c7ab2-ceee-4931-818d-a68c679e66ce","html_url":"https://github.com/fox-it/dissect-add-on-for-splunk","commit_stats":null,"previous_names":["fox-it/dissect-add-on-for-splunk"],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/fox-it/dissect-add-on-for-splunk","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fdissect-add-on-for-splunk","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fdissect-add-on-for-splunk/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fdissect-add-on-for-splunk/releases","manifests_url":
"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fdissect-add-on-for-splunk/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fox-it","download_url":"https://codeload.github.com/fox-it/dissect-add-on-for-splunk/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fox-it%2Fdissect-add-on-for-splunk/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29218636,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-08T02:25:35.815Z","status":"ssl_error","status_checked_at":"2026-02-08T02:24:27.970Z","response_time":57,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-08T01:10:21.785Z","updated_at":"2026-02-08T03:02:16.940Z","avatar_url":"https://github.com/fox-it.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Dissect technology add-on for Splunk\n\nProvides sourcetyping for ingestion and processing of dissect records. \n\n## Prerequisites and dependencies\nWhen ingested Dissect output contains Evtx records they are correctly interpreted according to CIM if the Splunk Windows TA is installed. \nTo achieve this, the XmlWinEventLog of the Windows TA is altered to perform KV_MODE field extractions. 
\nTherefore, be careful when using this app in a production monitoring environment.\n\nApp dependencies:\n- Splunk Windows TA\n\n## Installation\nThe latest version can be downloaded and installed directly from [Splunkbase](https://splunkbase.splunk.com/app/7580).\nAlternatively it can be downloaded from the Releases page on [Github](https://github.com/fox-it/dissect-add-on-for-splunk/releases).\n\n## Usage\nThe most basic usage is to create a tcp input in Splunk and configure it with the wanted dissect sourcetype.\nYou can now use rdump from the Dissect suite to push data to the Splunk server tcp port. See Dissect documentation on how to use rdump.\n(https://docs.dissect.tools/en/stable/tools/rdump.html)\n\nIn short this boils down to:\n\n```bash target-query \u003csource\u003e -f evtx | rdump -w splunk://\u003csplunk server ip\u003e:\u003cconfigure tcp-input port\u003e ```\n\n\n## Author\nReleased as open source by Fox-IT (https://www.fox-it.com) part of NCC Group Plc (https://www.nccgroup.com).\n\nDeveloped by the Dissect Team (dissect@fox-it.com) and made available at https://github.com/fox-it/dissect-add-on-for-splunk\n\n## License\nLicense terms: AGPL3 (https://www.gnu.org/licenses/agpl-3.0.html).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffox-it%2Fdissect-add-on-for-splunk","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffox-it%2Fdissect-add-on-for-splunk","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffox-it%2Fdissect-add-on-for-splunk/lists"}