Home

The Iptables Add-on allows Splunk data administrators to map netfilter events to the Common Information Model (CIM), enabling the data to be used with other Splunk Apps.

This Splunk Add-on is community driven. Any issues or feature requests may be submitted directly through GitHub.

Assumptions

This documentation assumes the following:

  1. You have a Linux server with the appropriate firewall tools installed.
  2. You have a working Splunk environment.
  3. You have a basic understanding of Splunk, Linux, and Firewalld/UFW/Iptables.

About

Info                  Description
Version               1.3.8 - Splunkbase | GitHub
Vendor Products       RHEL/CentOS - Firewalld, Ubuntu - UFW, built-in Iptables
Add-on has a web UI   No, this add-on does not include views.

Get Started


Last update: January 23, 2023