The Hurricane Labs Firewall App for Splunk Enterprise uses Check Point data to view, monitor, and report on your Check Point environment. The app includes a set of pre-built searches, reports, and dashboards that show the usage and value of the individual Check Point blades, as well as a holistic view of the Check Point environment. The app uses the Common Information Model so that the data can be correlated with other security-related data sets. It can also integrate with the Splunk App for Enterprise Security.
The Hurricane Labs Vulnerability Management App allows you to index and view the results of Nessus scan data. It includes searches and reports that show the categories and severity of specific vulnerabilities within your environment. The app also helps to automatically bring in new scan results so that scan data is indexed quickly. This data can also be cross-correlated with other data, such as IDS alerts.
Shodan is an online, public database of real internet-facing vulnerabilities. As systems are scanned and vulnerabilities are found, they are posted to this database. If your assets show up in this database, your vulnerabilities become public knowledge. The Hurricane Labs Shodan App connects to the Shodan database and displays the relevant results in Splunk. This information gives a clearer picture of your threat profile and allows for quick remediation of known vulnerable systems.
We also have the Search Addon for Shodan, which provides a search command for the Shodan Search Engine. It powers the Hurricane Labs Shodan App.
Hurricane Labs has released an app for Splunk called IPIntel. The app takes an IP address, queries various services, and returns data about that host. It requires API keys for those services (some are free, some are not) and allows you to export the results as text (Chrome only).
We also have the Search Addon for IPIntel, which IPIntel requires in order to work.