CyberWatch is a premium Security Operations Center (SOC) application for Splunk Enterprise that serves as a powerful alternative to Splunk Enterprise Security (ES). Built specifically for SOC environments, CyberWatch provides enterprise-grade security monitoring, incident management, and threat detection capabilities without the complexity and cost of Splunk ES. The app features an intuitive dark-themed dashboard that gives security teams real-time visibility into their security posture and threat landscape. Advanced incident management capabilities allow analysts to create, track, and resolve security incidents with full audit trails and team collaboration features. Integrated MITRE ATT&CK framework mapping provides visual threat intelligence and helps identify gaps in security controls and detection capabilities. CyberWatch's correlation engine enables security teams to build complex detection rules and automated workflows for threat hunting and incident response. The app features customizable security response playbooks and workflow automation to ensure consistent incident handling procedures across the organization. Built with modern web technologies and optimized for performance, CyberWatch supports distributed Splunk environments including search head clusters and indexer clusters. The app integrates seamlessly with existing Splunk security solutions and provides role-based access control for different user permissions. Perfect for organizations seeking enterprise security capabilities without Splunk ES licensing costs, CyberWatch transforms Splunk into a powerful SOC command center with premium security tools and automation capabilities.

MCP Server for Splunk Platform The Model Context Protocol (MCP) is an open standard and framework that enables seamless, secure, and standardized two-way communication between AI applications (like large language models) and external data sources or tools. It acts as a universal adapter allowing AI systems to access, execute, and integrate functionalities from diverse systems through a common protocol, simplifying data sharing and tool interoperability without custom coding for each integration.

*** Important: Read upgrade instructions and test add-on update before deploying to production *** The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the documented upgrade instructions to avoid data loss. A best practice is to test the upgraded version in a non-production environment before deploying to production.

NumLookup is a phone intelligence app that provides reverse phone lookup services for phone number. Get owner's name and carrier information associated with any phone number. Are you frequently haunted by unknown numbers? Looking to find out who’s behind that mysterious call you just received? Say hello to NumLookup, the ultimate reverse phone lookup solution.

Splunk Enterprise Security (ES) solves a wide range of security analytics and operations use cases including continuous security monitoring, advanced threat detection, compliance, incident investigation, forensics and incident response. Splunk ES delivers an end-to-end view of organizations’ security postures with flexible investigations, unmatched performance, and the most flexible deployment options offered in the cloud, on-premises or hybrid deployment models. Splunk ES enables you to:

The Splunk Add-on for AWS, from version 7.0.0 and above, includes a merge of all the capabilities of the Splunk Add-on for Amazon Security Lake. This allows you to configure the Splunk Add-on for AWS to ingest data across all AWS data sources, facilitating the integration of AWS data into your Splunk platform deployment.

The Splunk AI Toolkit delivers new SPL commands, custom visualizations, assistants, and examples to explore a variety of ML concepts.

Warning: You can't upgrade DB Connect directly from versions earlier than 3.18.0 to versions 4.0.0 or later. Make sure to follow upgrade path guide.

The Splunk Add-on for Microsoft Office 365 allows a Splunk software administrator to pull service status, service messages, and management activity logs from the Office 365 Management API. You can collect:

Splunk AI Assistant for SPL offers bi-directional translation between natural language (NL) and Splunk Search Processing Language (SPL) with the ability to be fully personalized in context of your unique environment and data.

The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.

Make outbound HTTP/HTTPS API calls directly from SPL. The | req command enriches events with API responses, triggers webhooks, and integrates Splunk with any REST endpoint — supporting Basic, Bearer, and API key auth via Splunk Storage Passwords.

The Cisco Security Cloud application offers seamless integration for connecting your Cisco devices with Splunk. It features a modular UX input design, built-in health checks, and constant monitoring to ensure operational integrity.

This add-on contains a Python interpreter bundled with the following scientific and machine learning libraries: numpy, scipy, pandas, scikit-learn, and statsmodels. With this add-on, you can import these powerful libraries in your own custom search commands, custom rest endpoints, modular inputs, and so forth.

The Splunk ES Content Update (ESCU) app delivers pre-packaged Security Content. ESCU provides regular Security Content updates to help security practitioners address ongoing time-sensitive threats, attack methods, and other security issues.

This app (also known as SA-ldapsearch) provides support functions to the Content Pack for Windows Dashboards and Reports (https://docs.splunk.com/Documentation/CPWindowsDash/latest/CP/About), Content Pack for Microsoft Exchange (https://docs.splunk.com/Documentation/CPExchange/latest/CP/About) that enable you to extract information from an Active Directory database. For instance, you can search Active Directory for records, presenting the records as events, or augment existing events with information from Active Directory based on information within the events.

MCP Server for Splunk Platform The Model Context Protocol (MCP) is an open standard and framework that enables seamless, secure, and standardized two-way communication between AI applications (like large language models) and external data sources or tools. It acts as a universal adapter allowing AI systems to access, execute, and integrate functionalities from diverse systems through a common protocol, simplifying data sharing and tool interoperability without custom coding for each integration.

The Splunk Add-on for Microsoft Office 365 allows a Splunk software administrator to pull service status, service messages, and management activity logs from the Office 365 Management API. You can collect:

*** Important: Read upgrade instructions and test add-on update before deploying to production *** The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the documented upgrade instructions to avoid data loss. A best practice is to test the upgraded version in a non-production environment before deploying to production.

This app supports a variety of containment and investigative actions on the FortiGate Firewall

Splunk AI Assistant for SPL offers bi-directional translation between natural language (NL) and Splunk Search Processing Language (SPL) with the ability to be fully personalized in context of your unique environment and data.

Integrate with Slack to post messages and attachments to channels

This app performs email ingestion, investigative and containment actions on an on-premise Exchange installation

JDBC driver for Snowflake provides Snowflake JDBC driver. Drivers can be use by others Splunk apps like DB Connect.

The Splunk ES Content Update (ESCU) app delivers pre-packaged Security Content. ESCU provides regular Security Content updates to help security practitioners address ongoing time-sensitive threats, attack methods, and other security issues.

Splunk IT Service Intelligence (ITSI) is a monitoring and analytics solution powered by artificial intelligence for IT Operations (AIOps). It provides visibility into the health of critical IT and business services and their infrastructure. Use ITSI to solve a variety of IT challenges, including deriving service-level insights and analysis on events, metrics, and logs to find and fix the most important issues first.

IT Essentials Work helps you correlate logs and metrics for each entity, and then use that information to observe and understand the performance of your infrastructure. The app helps you get started monitoring and analyzing IT infrastructures such as *nix, Windows, virtualization with out-of-the-box dashboards, and pre-configured performance metrics.

The Splunk Add-on for ServiceNow allows a Splunk software administrator to collect data from ServiceNow and create incidents and events in ServiceNow.

This app integrates with JIRA to perform several ticket management actions

*** Important: Read upgrade instructions and test your add-on update before deploying to production *** Version 2.0.0 of the Splunk Add-on for Salesforce introduces breaking changes. To avoid data loss or data duplication, follow the documented upgrade instructions in detail. If your are upgrading an earlier version of the Splunk Add-on for Salesforce, a best practice is to test your update in a non-production environment before deploying to production.

The Splunk Add-on for Okta Identity Cloud:

This app integrates with git and supports common git actions

The Splunk Add-on for AWS, from version 7.0.0 and above, includes a merge of all the capabilities of the Splunk Add-on for Amazon Security Lake. This allows you to configure the Splunk Add-on for AWS to ingest data across all AWS data sources, facilitating the integration of AWS data into your Splunk platform deployment.

*** Important: Read upgrade instructions and test add-on update before deploying to production *** The Splunk Add-on for Windows 5.0.0 introduced breaking changes. If you are upgrading from a version of the Splunk Add-on for Windows that is earlier than 5.0.0, you must follow the documented upgrade instructions to avoid data loss. A best practice is to test the upgraded version in a non-production environment before deploying to production.

The Splunk Add-on for Google Cloud Platform allows a Splunk software administrator to collect google cloud platform events, logs, performance metrics and billing data using Google Cloud Platform API. After the Splunk platform indexes the events, you can analyze the data using the prebuilt panels included with the add-on. You can then directly analyze the data or use it as a contextual data feed to correlate with other Google Cloud-related data in the Splunk platform.

The Splunk Add-on for Microsoft Cloud Services allows a Splunk software administrator to pull activity logs, service status, operational messages, Azure audit, Azure resource data and Azure Storage Table and Blob data from a variety of Microsoft cloud services using Event Hubs, Azure Service Management APIs and Azure Storage API.

*** Important: Read upgrade Instructions and test add-on update before deploying to production *** There are changes to default indexes and .conf changes in version 6.0 of Splunk Add-on for Unix and Linux that can break an existing installation if upgrade instructions are not followed in detail. If an existing Splunk Add-on for Unix and Linux is being upgraded, please test in a non-production environment first.

The Common Information Model is a set of field names and tags which are expected to define the least common denominator of a domain of interest. It is implemented as documentation on the Splunk docs website and JSON data model files in this add-on. Use the CIM add-on when modeling data or building apps to ensure compatibility between apps, or to just take advantage of these data models to pivot and report.

The Splunk AI Toolkit delivers new SPL commands, custom visualizations, assistants, and examples to explore a variety of ML concepts.

The Splunk Event Generator (Eventgen) is a utility which allows its users to easily build real-time event generators.

The Splunk Add-on for Okta Identity Cloud:

Ever want to edit a lookup within Splunk with a user interface? Now you can. This app provides an Excel-like interface for editing, importing, and exporting lookup files (KV store and CSV-based).

Warning: You can't upgrade DB Connect directly from versions earlier than 3.18.0 to versions 4.0.0 or later. Make sure to follow upgrade path guide.

The Splunk Add-on for Microsoft Security collects incidents and alerts from Microsoft 365 Defender OR alerts from Microsoft Defender for Endpoint.

Get started with Splunk for Security with Splunk Security Essentials (SSE). Explore security use cases and discover security content to start address threats and challenges.

This add-on contains a Python interpreter bundled with the following scientific and machine learning libraries: numpy, scipy, pandas, scikit-learn, and statsmodels. With this add-on, you can import these powerful libraries in your own custom search commands, custom rest endpoints, modular inputs, and so forth.

The Splunk Add-On for Sysmon enables customers to create and persist connection to Microsoft Sysmon so that the available detection, events, incident and audit data can be continually streamed to their Splunk Environment. This connection enables organisations to combine the power of the Splunk platform with the visibility and rich event data source of the Microsoft Sysmon utility running on Windows platforms. The Splunk Add-on for Sysmon collects data from Sysmon’s dedicated Windows Event log. Add-On map events for CIM data models: Endpoint, Network Resolution (DNS), Network Traffic, Change.

This app (also known as SA-ldapsearch) provides support functions to the Content Pack for Windows Dashboards and Reports (https://docs.splunk.com/Documentation/CPWindowsDash/latest/CP/About), Content Pack for Microsoft Exchange (https://docs.splunk.com/Documentation/CPExchange/latest/CP/About) that enable you to extract information from an Active Directory database. For instance, you can search Active Directory for records, presenting the records as events, or augment existing events with information from Active Directory based on information within the events.

This app supports investigative actions against a Microsoft Azure SQL Server

This app integrates with JIRA to perform several ticket management actions

This app integrates with the VirusTotal cloud to implement investigative and reputation actions using v3 APIs

This App exposes various Phantom APIs as actions

This app integrates with ServiceNow to perform investigative and generic actions

This app integrates with Splunk to update data on the device, in addition to investigate and ingestion actions

This app provides the ability to send email using SMTP

This app implements URL investigative capabilities utilizing PhishTank

App specifically designed for interacting with Microsoft Active Directory's LDAP Implementation

Integrate with Slack to post messages and attachments to channels

This app performs email ingestion, investigative and containment actions on an on-premise Exchange installation

This app implements investigative actions that query the whois database

This app supports email ingestion and various investigative actions over IMAP

This app supports executing various endpoint-based investigative and containment actions on an SSH endpoint

This app integrates with the Windows Remote Management service to execute various actions

This app integrates with the Screenshot Machine service