This is a new Technology Add-on (TA) that allows the integration of SiLK logs into Splunk. SiLK, the System for Internet-Level Knowledge, is a collection of traffic analysis tools developed to facilitate security analysis of large networks. SiLK is developed and maintained by the CERT Network Situational Awareness Team (CERT NetSA) at Carnegie Mellon University.
Configuration: You must create an inputs.conf in $SPLUNK_HOME/etc/apps/TA-SiLK/local that sets the location to monitor. A sample can be found in $SPLUNK_HOME/etc/apps/TA-SiLK/default. Keep your own settings in local/ rather than editing default/, so an upgrade of the TA does not overwrite them.
Usage: TA-SiLK should be installed on your indexers and search head. It must also be installed on the host where the logs are collected (typically a universal forwarder), since that is where the monitor input runs.
Installation: This app can be installed via the web interface or by unpacking it into $SPLUNK_HOME/etc/apps for Splunk Enterprise installs or $SPLUNKFORWARDER_HOME/etc/apps on Splunk universal forwarders. When deploying from a deployment server, ensure your inputs.conf is preconfigured in the app's local directory before pushing it out to deployment clients; a client that receives the app without it will not collect anything.
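The configuration and deployment-server steps above, as an added example (this is not the TA's own code or sample inputs.conf). It writes a monitor stanza into the app's local/ directory and then checks that a staged copy of the app actually carries that file before it is pushed. The monitored path /var/log/silk, the sourcetype name "silk" and the index name "silk" are assumptions for illustration; take the real sourcetype from the TA's default/props.conf.

```shell
#!/bin/sh
# Added example, not part of TA-SiLK. Stages local/inputs.conf for the app.

# write_silk_inputs SPLUNK_HOME MONITOR_PATH [SOURCETYPE] [INDEX]
# Creates $SPLUNK_HOME/etc/apps/TA-SiLK/local/inputs.conf with one monitor stanza
# and prints the path of the file it wrote. Sourcetype/index defaults are assumed.
write_silk_inputs() {
  splunk_home="$1"
  monitor_path="$2"
  sourcetype="${3:-silk}"   # assumed name; check default/props.conf of the TA
  index="${4:-silk}"        # assumed index; it must exist on the indexers
  local_dir="$splunk_home/etc/apps/TA-SiLK/local"
  mkdir -p "$local_dir" || return 1
  # "monitor://" plus an absolute path yields the "monitor:///..." form Splunk expects
  cat > "$local_dir/inputs.conf" <<EOF
[monitor://$monitor_path]
disabled = 0
sourcetype = $sourcetype
index = $index
EOF
  echo "$local_dir/inputs.conf"
}

# check_staged_app APP_DIR
# Returns 0 only if the staged app has a local/inputs.conf containing a monitor
# stanza. Run this against the deployment server's staging copy before pushing.
check_staged_app() {
  app_dir="$1"
  conf="$app_dir/local/inputs.conf"
  [ -f "$conf" ] || return 1
  grep -q '^\[monitor://' "$conf" || return 1
  return 0
}

# Stand-alone usage: stage under a temporary SPLUNK_HOME and show the result.
tmp_home=$(mktemp -d)
conf_file=$(write_silk_inputs "$tmp_home" /var/log/silk)
cat "$conf_file"
check_staged_app "$tmp_home/etc/apps/TA-SiLK" && echo "staged app is ready to push"
```

After the app is on a real host, confirm Splunk merges the stanza as intended with `splunk btool inputs list --app=TA-SiLK --debug`; the --debug flag shows which file each setting came from, which is the quickest way to spot a stray default/ setting overriding your local/ one.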
Version 1.0 Nov. 15, 2013