Skip to content
master
Switch branches/tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

Netscaler WAF Security for Splunk

Overview

The app "Netscaler WAF Security for Splunk" analyzes attacks on your web infrastructure prohibited by Netscaler. It's is a fork of the original F5 WAF Security by Nexinto located at https://splunkbase.splunk.com/app/2873.

Features:

  • Displays attacks based on GeoIP
  • Displays attacks based on Type
  • Displays attacks based on Country
  • Displays attacks based on IPs
  • Heatmap for Attack Type Distribution by Type, Country, Violation
  • Security Stats table for displaying chronological attack requests and locations

Installation

Deploy "Netscaler WAF Security for Splunk" like every other App by uploading it using the WebGUI or extracting it to $SPLUNK_HOME$/etc/apps. Restart Splunk afterwards.

In a distributed environment the app has to be deployed to every Search head and Indexer. Make sure the app is also deployed on the Host or Forwarder receiving the events from the Netscaler devices.

With default settings the app you have to create an index named “netscaler” and make sure data is imported using sourcetype "citrix:netscaler".

The app have been tested against Splunk v6.1 up to v6.5. Lower versions will not work "out of the box". The Common Event Format (CFE) descripted in http://support.citrix.com/article/CTX136146 is supported but not a requirement.

Feedback and Contact

If you have Feedback, issues or questions please use issue tracker at Github page: http://github.com/schose/netscaler_waf .

For direct Feedback please contact: andreas@batchworks.de.

This app was created by:

Andreas Roth Batchworks Strehlener Strasse 14 01069 Dresden

Internet: www.batchworks.de

About

No description, website, or topics provided.

Resources

License

Releases

No releases published

Packages

No packages published