Scripted Inputs and Splunk
Josh Porto, Senior Consultant, Cyber Engineering, Coalfire
Splunk is an extremely versatile tool when dealing with data:
- Monitor files? Check!
- Listen in on an open port? Check!
- Monitor the file system? Performance monitor? HTTP Event Collector?
- Check, check aaaaand check!
But what if the data you want to ingest does not have a method listed above? Say, something like a database or a security tool’s API? Scripted inputs are the solution! Splunk can even employ a variety of scripts to include (but not limited to) PowerShell, shell scripts, and Python. Besides working around data sources, which do not use log files and cannot send via TCP or UDP, the advantages abound and include: