The app "F5 WAF Security for Splunk by Nexinto" analyzes attacks on your web infrastructure prohibited by F5 ASM.
Features:
Deploy "F5 WAF Security for Splunk by Nexinto" like every other App by uploading it using the WebGUI or extracting it to $SPLUNK_HOME$/etc/apps.
Restart Splunk afterwards.
In a distributed environment the app has to be deployed to every Search head and Indexer. Make sure the app is also deployed on the Host or
Forwarder receiving the events from the F5 devices.
With default settings the app will create an index “f5_asm_live” and a TCP input on port 10005 using sourcetype syslog_f5asm. You can customize these
settings by changing the TCP port in inputs.conf.
To integrate Splunk you will need to create a new logging profile on your F5 ASM which sends the events to your Splunk TCP input.
To create a logging profile:
If you have Feedback, issues or questions please use issue tracker at Github page: http://github.com/Nexinto/f5_asm.
For direct Feedback please contact: splunkapps@nexinto.com.
This app was created by:
Nexinto GmbH
Nagelsweg 33-35
20097 Hamburg
Telefon: +49 40-77175-0
Telefax: +49 40-77175-519
E-Mail: splunkapps@nexinto.com
Internet: www.nexinto.com
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.