{"id":31816710,"url":"https://github.com/splunk/splunk-ref-pas-code","last_synced_at":"2025-10-11T09:57:54.221Z","repository":{"id":19289589,"uuid":"22526656","full_name":"splunk/splunk-ref-pas-code","owner":"splunk","description":"Splunk Reference App - Pluggable Auditing System (PAS) - Code Repo","archived":false,"fork":false,"pushed_at":"2019-07-08T16:14:59.000Z","size":3993,"stargazers_count":22,"open_issues_count":2,"forks_count":17,"subscribers_count":54,"default_branch":"master","last_synced_at":"2024-04-15T02:58:42.732Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/splunk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-08-01T20:15:33.000Z","updated_at":"2022-08-14T01:28:21.000Z","dependencies_parsed_at":"2022-09-25T05:40:44.824Z","dependency_job_id":null,"html_url":"https://github.com/splunk/splunk-ref-pas-code","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/splunk/splunk-ref-pas-code","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-ref-pas-code","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-ref-pas-code/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-ref-pas-code/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-ref-pas-code/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/splunk","download_url":"https://codeload.github.com/splunk/splunk-ref-pas-code/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-ref-pas-code/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279006749,"owners_count":26084185,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-10-11T09:57:47.348Z","updated_at":"2025-10-11T09:57:54.212Z","avatar_url":"https://github.com/splunk.png","language":"Python","readme":"# Splunk Reference App - PAS (Update for Splunk Enterprise 6.3) - Code Repo \n### Version 1.5.x\n\nSplunk Enterprise is an analytic environment that uses a distributed\nmap-reduce architecture to efficiently index, search, and process very large time-varying data sets.\n\nThe Splunk Developer Platform enables developers to take advantage of the same underlying technologies that power the core product to build exciting new apps and solutions that are enabled by capabilities unique to Splunk Enterprise.\n\nThe Splunk Reference App - PAS teaches you how to develop apps for Splunk. Here, you can explore the evolution of the reference app along with some additional engineering artifacts, like tests, deployment considerations, and tradeoff discussions.\n\nThe accompanying Splunk Developer Guide for Building Apps presents a documentary of how the team went about building this reference app. The guide is currently available as an early preview at \u003chttp://dev.splunk.com/goto/devguide\u003e. We welcome your feedback on both the app and the guide.\n\n### What Does This App Do?\nThe PAS app is intended to enable an organization to monitor various document repositories (current and future). Managers and auditors can use the app to see who has viewed, modified, deleted, or downloaded documents or other artifacts from various sources. \n\n\n### Requirements\nHere's what you need to get going with the Splunk Reference App - PAS.\n\n#### Splunk Enterprise\n\nIf you haven't already installed Splunk Enterprise, download it at \n\u003chttp://www.splunk.com/download\u003e. For more information about installing and \nrunning Splunk Enterprise and system requirements, see the\n[Installation Manual](http://docs.splunk.com/Documentation/Splunk/latest/Installation). \n\n#### The main PAS app\nClone this repo. You can put the pas_ref_app folder with its content directly in the $SPLUNK_HOME/etc/apps folder. We recommend you clone it to some other working folder and create a symlink to the *pas_ref_app* in the $SPLUNK_HOME/etc/apps folder. \n\nInitialize submodules. Several add-ons live in their own repositories, but have been linked into this project using git submodules for your convenience.\n\n* `git submodule init`\n* `git submodule update`\n\n* Unix/MacOS: `ln -s {PATH_TO_REPOSITORY}/pas_ref_app/ $SPLUNK_HOME/etc/apps/pas_ref_app`\n* Windows: `mklink /D $SPLUNK_HOME\\etc\\apps\\pas_ref_app {PATH_TO_REPOSITORY}\\pas_ref_app\\`\n\n#### Getting data in\nThere are several ways for you to feed data into the PAS app.\n\n* Ingest your own data. Just make sure those sources are tagged with \"change\" and \"audit\", \n* Use the eventgen app, if you want a simulated data flow. Get it from \u003chttp://dev.splunk.com/goto/deveventgen\u003e, or \n* Consume the test data set provided in the [test repo](http://github.com/splunk/splunk-ref-pas-test/tree/master/tests/pas_sample_data). \n\n#### Install dependencies\n\nThe reference app relies on data provider add-ons. Three simulated data providers (file add-on, documents app add-on, database add-on) and one real data provider (Google Drive Data Provider add-on) are made available. Install at least one data provider. You'll find the install scripts for Unix/MacOS and Windows in the [/bin](tree/master/pas_ref_app/bin) folder. \n\nFor the Google Drive data provider installation and configuration, see specific instructions in the [Google Drive Addon README](https://github.com/splunk/splunk-add-on-google-drive/blob/master/README.md).\n\nFor the JIRA custom alert action  installation and configuration, see specific instructions in the [JIRA Alerts Addon README](https://github.com/splunk/splunk-add-on-jira-alerts).\n\nThe reference app uses a lookup table which could have been produced by an HR system process. For demonstration purposes, we have encapsulated it in the [HR info addon folder](tree/master/pas_ref_app/appserver/addons/pas_hr_info). \n\n(Optional) Certain reference app functionality requires an identity provider. We have used a [simulated identity provider](tree/master/pas_simulated_users_addon). \n\n#### Configure user access\n\nCreate a new user that belongs to the **pasadmin** or **pasuser** role, and log in as this new user. \n\nAlternatively, add index **'pas'** to the default searchable indexes by going to **Splunk Settings** -\u003e **Access controls** -\u003e **Role** -\u003e **admin** -\u003e **Indexes searched by default** and adding **'pas'** into the list of default search indexes.\n\nNote: if you are using a Splunk Free license, integrated role-based access control is not available.Thus, you will not be able to add new users or roles and should use the alternative method of adding the pas to the list of indexes searched by default.\n\n\n#### Configure the app using the Setup page\nSpecify at least one department that you want to surface on the Summary dashboard.\n\n## Usage\nFor usage see the _About_ page of the app.\n\n## Community and Feedback\nQuestions, comments, suggestions? To provide feedback about this release, to get help with any problems, or to stay connected with other developers building on Splunk please visit the \u003chttp://answers.splunk.com\u003e community site. \n\nFile any issues on [GitHub](https://github.com/splunk/splunk-ref-pas-code/issues).\n\nCommunity contributions via pull requests are welcomed! Go to the \n[Open Source](http://dev.splunk.com/view/opensource/SP-CAAAEDM) page for more information. \n\n* Email: devinfo@splunk.com\n* Blog: \u003chttp://blogs.splunk.com/dev\u003e\n* Twitter: [@splunkdev](http://twitter.com/splunkdev)\n\n## License\n\nThe Splunk Reference App - PAS is licensed under the Apache License 2.0. Details can be found in the LICENSE file.\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fsplunk-ref-pas-code","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsplunk%2Fsplunk-ref-pas-code","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fsplunk-ref-pas-code/lists"}