icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

We are working on something new...

A Fresh New Splunkbase
We are designing a New Splunkbase to improve search and discoverability of apps. Check out our new and improved features like Categories and Collections. New Splunkbase is currently in preview mode, as it is under active development. We welcome you to navigate New Splunkbase and give us feedback.

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Analyst1
SHA256 checksum (analyst1_141.tgz) 45dfeccc31af751c18c489ed5796ed062c227c39a996b4da00593e11a5aed5d3 SHA256 checksum (analyst1_140.tgz) 4f56b119fac5d8daf231fe25c5705f5259da5b7d6f396a66eef5d2cc4c294b83 SHA256 checksum (analyst1_130.tgz) 6e0a4ab4902730fe8baf5a973fea15c5442ab0068b08077bd0b40867076c2199 SHA256 checksum (analyst1_120.tgz) 3f3fc2689bab78c97a30f14533241454e15deb1dc8bab1268446537a099c2f54 SHA256 checksum (analyst1_110.tgz) 51a08bcd66d9a6588365285dfb5b4471d262a76b215b7c35f258e15cb26b0ff9 SHA256 checksum (analyst1_100.tgz) ba0cf119b02028f3ab88dcceda5eac2a66e0c47a3510d65320535384925b6b08
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate

splunk

Analyst1

Splunk Cloud
Overview
Details
The Analyst1 App for Splunk is an add-on designed for use by existing Analyst1 customers.

This add-on brings enrichment data around observables/indicators of compromise from Analyst1 into Splunk, providing lookup tables for correlation data.

The Analyst1 App for Splunk is an add-on designed for use by existing Analyst1 customers.

This add-on brings enrichment data around observables/indicators of compromise from Analyst1 into Splunk, providing lookup tables for correlation data and some sample dashboards to get users started. All of this is accomplished with outbound connections from Splunk to Analyst1, avoiding complex firewall configurations.

For setup and operations help, open the Analyst1 Documents portal site and look for the Analyst1 App for Splunk Guide.

Release Notes

Version 1.4.1
Nov. 8, 2024

Version 1.4.1 of the Splunk TA brings multiple improvements to the Outputs module, which sends network telemetry from Splunk to Analyst1 to create hit stats.

  • Resolved a bug that prevented some Outputs from sending correctly to Analyst1
  • Improved Output sending to prevent an edge case where unsent files would accumulate on the Splunk hard disk
  • Added additional file-based logging to the Outputs workflows

Known Issues:
1) When an IOC is found on multiple Inputs and removed from only one, the IOC will incorrectly be removed from the TA lookup until the next "full refresh" sync by one of the Inputs. Frequency of refreshes is controlled by the "Refresh Factor" setting on each Input.

2) Input configuration labels are unclear. Inputs using Index lookup creation mode default to the default Splunk index, this will be more clearly labeled.

Version 1.4.0
Sept. 9, 2024

Version 1.4.0 adds overall stability to the TA and addresses several bugs, and one update to Analyst1 API usage. The fixes are as follows: 1) we now retain custom certificates, so that these do not need to be re-added when making an account change; 2) corrected and standardized case handling for IOC values in the Analyst1 /diff API endpoint; 3) we redressed instances where a poll is made for a proxy password when it is unnecessary to do so; 4) lastly, we ensured that a proxy correctly utilized for all outbound Analyst1 requests, and that the proxy is configured correctly per the Python requests library. We also updated calls to the Analyst1 API with diff/99999 to use the /sensors/{ID} to directly fetch the appropriate version.

Version 1.3.0
March 12, 2024

Resolves two issues. (1) Redresses when other TAs/Apps introduce malformed passwords the Account page would not always render. (2) Allows each Account to explicitly trust an optional public certificate to handle organizational/non-standard CA issued certificates.

Version 1.2.0
Jan. 4, 2024

Version 1.2.0 enhances our support for Outputs, a way to get indicator sightings (what Analyst1 calls Hit Stats) from Splunk into the Analyst1 platform, by redressing an issue with the API submission wrongly preserving log files on the Splunk infrastructure. It also implements all change required to maintain current Splunk Cloud compatibility, both Victoria and Classic.

Version 1.1.0
June 21, 2023

Version 1.1.0 includes beta support for Outputs, a way to get indicator sightings (what Analyst1 calls Hit Stats) from Splunk into the Analyst1 platform.

Version 1.0.0
March 20, 2023

Initial release


Subscribe Share

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
Splunk, Splunk>,Turn Data Into Doing, Data-to-Everything, and D2E are trademarks or registered trademarks of Splunk LLC in the United States and other countries. All other brand names,product names,or trademarks belong to their respective owners.