No description, website, or topics provided.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
default
metadata
samples
static
LICENSE
README.md

README.md

Netscaler WAF Security for Splunk

Overview

The app "Netscaler WAF Security for Splunk" analyzes attacks on your web infrastructure prohibited by Netscaler. It's is a fork of the original F5 WAF Security by Nexinto located at https://splunkbase.splunk.com/app/2873.

Features:

  • Displays attacks based on GeoIP
  • Displays attacks based on Type
  • Displays attacks based on Country
  • Displays attacks based on IPs
  • Heatmap for Attack Type Distribution by Type, Country, Violation
  • Security Stats table for displaying chronological attack requests and locations

Installation

Deploy "Netscaler WAF Security for Splunk" like every other App by uploading it using the WebGUI or extracting it to $SPLUNK_HOME$/etc/apps. Restart Splunk afterwards.

In a distributed environment the app has to be deployed to every Search head and Indexer. Make sure the app is also deployed on the Host or Forwarder receiving the events from the Netscaler devices.

With default settings the app you have to create an index named “netscaler” and make sure data is imported using sourcetype "citrix:netscaler".

The app have been tested against Splunk v6.1 up to v6.5. Lower versions will not work "out of the box". The Common Event Format (CFE) descripted in http://support.citrix.com/article/CTX136146 is supported but not a requirement.

Feedback and Contact

If you have Feedback, issues or questions please use issue tracker at Github page: http://github.com/schose/netscaler_waf .

For direct Feedback please contact: andreas@batchworks.de.

This app was created by:

Andreas Roth Batchworks Strehlener Strasse 14 01069 Dresden

Internet: www.batchworks.de