icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.
Cancel Visit New Splunkbase Visit
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us
My Account
Login Signup
Support & Services
Search Splunk Documentation Splunk Answers Education & Training User Groups Splunk App Developers Support Portal Contact Us

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

End User License Agreement for Third-Party Content

Splunk Websites Terms and Conditions of Use

Thank You

Downloading SafeBreach Add-on for Splunk
SHA256 checksum (safebreach-add-on-for-splunk_242.tgz) 2b65de582b8ab4ba2e1e2fc8a7171efd179d5b2376fa6acc8a0b947753ee662f SHA256 checksum (safebreach-add-on-for-splunk_241.tgz) 3673079a2e7981353dac973199d04a4e5e3869b95ab90f0044b154140e20facd SHA256 checksum (safebreach-add-on-for-splunk_232.tgz) 5a52ef5fb15a0f6222dfbcecc2c59ca006a0d7270f6205982c5e69b87b59c057 SHA256 checksum (safebreach-add-on-for-splunk_229.tgz) bfd367d237e1f65919286b8f21e9f73925fd02f223a1898287e56fdff195d17a SHA256 checksum (safebreach-add-on-for-splunk_228.tgz) 395665ec8be4a493a6e9b56672b7bc28d1b38b8f3ebef3dc8121eeb2df91dfd2 SHA256 checksum (safebreach-add-on-for-splunk_224.tgz) 7d4c7473dd9d8be7b700a077c8ee87c02c0f2e63870457c773b32eb6ea6d8424 SHA256 checksum (safebreach-add-on-for-splunk_222.tgz) d9bf7aeab4e2ac5ca11b51154196114b3c9030ed936ec34bab77c17227c15504 SHA256 checksum (safebreach-add-on-for-splunk_220.tgz) f9a90724c36db4d25d151a7415490afcbfca723be5a1a2b463f795c0cae5db9b SHA256 checksum (safebreach-add-on-for-splunk_210.tgz) 8407531fc260f2a9ce2ddfeeb7587bee4296a4eabd44ebaa93b0abae4c29719b SHA256 checksum (safebreach-add-on-for-splunk_202.tgz) 0321c54c6121059864d00df9ba79c0a72a9291f327a3fad8fee05c4cb431904e SHA256 checksum (safebreach-add-on-for-splunk_200.tgz) c52adb00d3c06927208e534fcb4aac1d5f00f730597170045e985665d9246e2e SHA256 checksum (safebreach-add-on-for-splunk_100.tgz) 5bcfb807090bd68ea670f5b5a6a27ba04d8d17aa6936326126ee7598205ef943
To install your download
To install apps and add-ons from within Splunk Enterprise
  1. Log into Splunk Enterprise.
  2. On the Apps menu, click Manage Apps.
  3. Click Install app from file.
  4. In the Upload app window, click Choose File.
  5. Locate the .tar.gz file you just downloaded, and then click Open or Choose.
  6. Click Upload.
  7. Click Restart Splunk, and then confirm that you want to restart.
To install apps and add-ons directly into Splunk Enterprise
  1. Put the downloaded file in the $SPLUNK_HOME/etc/apps directory.
  2. Untar and ungzip your app or add-on, using a tool like tar -xvf (on *nix) or WinZip (on Windows).
  3. Restart Splunk.
After you install a Splunk app, you will find it on Splunk Home. If you have questions or need more information, see Manage app and add-on objects.

Flag As Inappropriate
splunk

SafeBreach Add-on for Splunk

Splunk Cloud
Overview
The SafeBreach Add-on for Splunk allows users to collect data from SafeBreach platform, either via API or the Syslog CEF outbound integration. The SafeBreach Add-on for Splunk collects simulation results and audit logs, then transforms and saves the data in CIM-compatible fields. The saved data can be consumed by running searches and creating manual correlations for the simulation results, or using the SafeBreach App for Splunk Enterprise, which provides dashboards for visual representation of the data.
In addition, SafeBreach Insights can be fetched via API for later visualization of the security gaps discovered by SafeBreach simulations, as well as for generation of Notable events per SafeBreach Insight that can be consumed in Splunk ES application.

Release Notes

Version 2.4.2
Sept. 2, 2025
  • Introduced configurable mapping for previously unparsed fields for Simulation Results.
  • Reduce the minimum polling interval for Audit input to 60 seconds.
Version 2.4.1
Feb. 25, 2025
  • Updated Splunk SDK for python
  • Bug fixes
    (Added in version 2.3.1) – Simulation results are now polled only after the correlation process has completed, ensuring more accurate and consistent data retrieval.
Version 2.3.2
Nov. 24, 2024
  • Added mapping for tracking id and alert name.
Version 2.2.9
April 10, 2024

SSL verification always set to true for Cloud instances
Version 2.2.8
March 21, 2024
  • Enhanced the parsing of the syslog event parsing so that it will be visible in the dashboard
  • Fixed bug where events with status No results were not shown correctly in dashboard.
  • Removing Python 2 dependencies for Cloud version compatibility
Version 2.2.4
Aug. 1, 2022
  • Adding support for Python 3
  • Fixing an issue related to fields parsing
  • Bug fixes
Version 2.2.2
June 29, 2022
  • Adding support for Python 3
  • Fixing an issue related to fields parsing
Version 2.2.0
Feb. 2, 2022

SafeBreach audit is now available as an additional Input option.

Set it up to receive:

  • User-triggered events (like login, configuration changes, and test execution)
  • System events (including simulator dis/connection events, SIEM query events, and more)
Version 2.1.0
Jan. 12, 2022
  • CIM mappings added to the API based simulation events fetching.
  • Parameters of simulations now stored in simulation events.
  • Remediation suggestions added to simulation events.
  • Insights events now stored per test.
  • Insights remediation data fields were normalized for easier processing.
Version 2.0.2
Dec. 21, 2021
  • Fixed proxy support
  • Added option to skip SafeBreach management certificate verification
Version 2.0.0
June 17, 2021
  1. SafeBreach API support with 2 data input options:
    • Simulation results - now including the final status post correlation
    • Insights - fetch and store insights and related remediation data
  2. Splunk Enterprise Security support:
    • Notable events created based on new insights
Version 1.0.0
April 8, 2021

The SafeBreach Add-on for Splunk allows receiving SafeBreach Syslog events in CEF format both for simulation results and audit logs, parses them into the CIM compatible fields and exposes the data for users for search. It also serves as a prerequisite for the SafeBreach App for Splunk that visualizes the simulation results in dashboards.
2,314
Downloads
Share Subscribe LOGIN TO DOWNLOAD
Version
Built by
SafeBreach Inc
Support
Developer Supported
Contact Developer Questions on Splunk Answers Flag as inappropriate App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs App Contents: Inputs
Compatibility
Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise, Splunk Cloud Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise Products: Splunk Enterprise
Splunk Versions: 9.4, 9.3, 9.2, 9.1, 9.0 Platform: Platform Independent CIM Versions: 6.x, 5.x, 4.x Splunk Versions: 9.4, 9.3, 9.2, 9.1, 9.0 Platform: Platform Independent CIM Versions: 5.x, 4.x, 3.x Splunk Versions: 9.4, 9.3, 9.2, 9.1 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.4, 9.3, 9.2, 9.1, 9.0 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.4, 9.3, 9.2, 9.1, 9.0 Platform: Platform Independent CIM Versions: 5.x, 4.x Splunk Versions: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 9.4, 9.3, 9.2, 9.1, 9.0, 8.2, 8.1, 8.0, 7.3 Platform: Platform Independent CIM Versions: 4.x Splunk Versions: 8.1, 8.0, 7.3 Platform: Platform Independent CIM Versions: 4.x
Licensing
End User License Agreement for Third-Party Content
Category & Contents
Categories: Security, Fraud & Compliance
App Type: Add-on
Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Submit New Splunk App Dev Resources
PLATFORM
Data-to-Everything Platform
Splunk Cloud
Splunk Enterprise
Splunk Machine Learning Toolkit
Splunk Data Stream Processor
Pricing
Free Trials & Downloads
SECURITY PRODUCTS
Splunk Enterprise Security
Splunk Phantom
Splunk Mission Control
Splunk User Behavior Analytics
IT OPERATIONS & OBSERVABILITY PRODUCTS
Splunk Infrastructure Monitoring
Splunk IT Service Intelligence
Splunk Application Performance Monitoring
Splunk On-Call
SOLUTIONS BY INITIATIVE
Cloud Transformation
SOLUTIONS BY FUNCTION
Security
IT
Devops
SOLUTIONS BY INDUSTRY
Aerospace & Defense
Communications
Energy & Utilities
Financial Services
Healthcare
Higher Education
Manufacturing
Nonprofits
Online Services
Public Sector
Retail
WHY SPLUNK?
Why Splunk?
Customer Stories
Partners
Data-to-Everything
Diversity & Inclusion
SUPPORT
Support Portal
Support Programs
Splunk Answers
Contact Us
Product Security Updates
RESOURCES
Events
Webinars
Blogs
Customer Success
Expert Services
Data Insider
View All Resources
FOR DEVELOPERS
Documentation
Best Practices
Get Started with Splunk
Training & Certification
User Groups
Community
Splunkbase
Splunk dev
COMPANY
About Splunk
Careers
Leadership
Splunk for Good
Splunk Ventures
Splunk Protects
Newsroom
COVID-19 Response
SPLUNK SITES
.conf
Splunk Live!
T-Shirt Store
Investor Relations
Follow Us:
© 2005-2025 Splunk LLC All rights reserved.
Sitemap | Privacy | Website Terms of Use | Splunk Licensing Terms | Export Control | Modern Slavery Statement | Splunk Patents | Report a Problem
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk LLC in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.