The Analyst1 App for Splunk is an add-on designed for use by existing Analyst1 customers.
This add-on brings enrichment data for observables/indicators of compromise from Analyst1 into Splunk, providing lookup tables for correlation and some sample dashboards to get users started. All of this is accomplished with outbound connections from Splunk to Analyst1 only, so no inbound firewall rules toward Splunk are needed.
For setup and operations help, open the Analyst1 Documents portal site and look for the Analyst1 App for Splunk Guide.
Resolves two issues. (1) Fixes a case where the Account page would not always render when other TAs/Apps introduced malformed passwords into the shared credential store. (2) Allows each Account to explicitly trust an optional public certificate, so that Analyst1 servers presenting certificates issued by an organizational or otherwise non-standard CA can be verified instead of failing TLS validation.
Version 1.2.0 enhances our support for Outputs, a way to get indicator sightings (what Analyst1 calls Hit Stats) from Splunk into the Analyst1 platform, by fixing an issue where the API submission wrongly preserved log files on the Splunk infrastructure. It also implements all changes required to maintain current Splunk Cloud compatibility, on both the Victoria and Classic experiences.
Version 1.1.0 includes beta support for Outputs, a way to get indicator sightings (what Analyst1 calls Hit Stats) from Splunk into the Analyst1 platform.
Initial release