Thanks For Downloading!
Review the documentation below and follow any custom installation steps. If no install steps are listed, most Splunk Apps and Add-ons can be installed as follows:
Unix/Linux: Decompress the downloaded file using a tool like
Connects events found in Splunk to the full packet capture and reconstruction of the event in Solera DS Appliances.
A free 30-day trial of the Solera Virtual Appliance can be downloaded at www.soleranetworks.com
Investigate any network security event with depth and clarity with the Solera DeepSee App for Splunk. Solera DS Appliances and Virtual Appliances capture, classify, and index 100% of network traffic acquired via SPAN port or network tap. Network sessions can be instantly searched, replayed, or reconstructed to provide the ultimate level of visibility on the network -- a full fidelity record of every packet. The amount of storage used equates to the amount of history desired and network bandwidth.
This app adds a powerful Investigate button to each event found in Splunk. With a single click users can pivot from events in Splunk to the full packet capture and application reconstruction in the Solera DeepSee interface or even download a PCAP file of the full session within seconds. Solera DeepSee provides the data to act with confidence and secure your network against Next Generation Threats.
Solera DS Appliances achieve the following use cases:
Compatible with any Solera DS Appliance running Solera OS 4.1 or later including the Solera Virtual Appliance (available for a free 30-day trial at www.soleranetworks.com).
Versions and Release Notes
Version 1.1.1 (current version - updated Mar 21, 2011)
Updated package to include screenshot for Splunkbase.
when is this app going to be updated? specifically, you have the password to access solera stored in the clear
came across this tutorial which may help: http://blogs.splunk.com/2011/03/15/storing-encrypted-credentials/
reviewed 29 Oct '12, 13:47
accept rate: 28%
Yes, please. Password is passed in the clear in the URL as well.
reviewed 02 Nov '12, 06:00
accept rate: 0%
Password passing to Solera has been disabled for some time due to the inherent security risk of credentials being passed in the clear. You should leave the username and password blank when using this app. You will then have to manually log in, unless you already have an open session and then it will use that cookie.
There is also the option from the DeepSee UI to add the Splunk system as a referrer and this will allow direct logins without a password. This also has inherent weaknesses so the best security practice is to just log in anytime you make a pivot from Splunk to DeepSee.
reviewed 18 Jan, 10:35
accept rate: 0%