Splunk Application Development

Many organizations and vendors struggle to leverage Splunk because of limited knowledge or cross-training in other software, which keeps you from seeing the results you're looking for. This is why Splunk is the only product we deploy and stand behind 100%: we want to provide something of value to your business.

Our services give you a wider view of your Splunk environment. We can assist your team in expanding your Splunk use cases, support you in the necessary areas, and help you realize the full value of your investment.

We are the developers of several applications published on the Splunkbase app store. These applications can be easily modified to match our customers' requirements.

Firegen for Cisco ASA Splunk App

Dashboards with traffic, denials and management information for Cisco ASA, PIX and FWSM firewalls. Provides a basis for the development of a variety of alarms and reports. Feedback is encouraged and support will be provided as needed!

Firegen for Juniper SSG Splunk App

The Juniper SSG Firewall Log Analysis app provides several dashboards with statistics compiled from the syslog messages recorded by Juniper SSG Firewalls. The app requires the Splunk Add-On for Juniper in order to create the required sourcetypes.

Windows Event Logs Analysis App

Windows Event Logs Analysis Splunk App

The Windows Event Log Analysis app provides an intuitive interface to the Windows event logs collected by the Splunk Universal Forwarder for Windows (from the local computer or collected through Windows Event Log Forwarding).

Threat Intelligence Research

Threat Intelligence

Our analysts maintain the Firegen Abusers Threat Intel list of IP addresses that attempt to compromise websites using various attack vectors. Each IP address is confirmed against several sources, including website logs and IDS signatures. The CSV list contains the IP address, the nature of the malicious activity, the date and the originating country. Only IP addresses that have consistently attempted to attack websites are added to the list.

The list can be used as a dynamic block list, in SIEM dashboards, and for overall verification of addresses as confirmed malicious. The list can be used free of charge as long as the source. The list is part of the aggregated Firegen Threat Intelligence feeds. The feeds are updated every 6 hours and are used in several Firegen applications and Splunk apps.

Get In Touch

Whether you are looking for general information or have a specific question, we want to help.