Centrify Insight is a Splunk application that listens to Active Directory domain controllers and security event logs, as well as *NIX syslog and Centrify Suite logs, to provide the insight you need to answer security and forensic questions about Centrify-secured systems.
Centrify Insight is also a great application for monitoring, searching and reporting on *NIX login activity. Find your most active users, watch for failed login attempts, and break out login attempts by login method (ssh, console, su) and user type (Active Directory domain user, local user, root).
Versions and Release Notes
Version 1.4.0 (current version - updated Jan 14, 2013)
Centrify Insight 1.4 adds new views, features and fixes. Here is a list of highlighted new features:
Version 1.3.0 (updated Jul 18, 2012)
NEW! Support for Centrify 5.x Zones, Zone hierarchy, Zone users, Zone groups, Zoned computers, Computer roles.
Enhanced AD and Zone activity views
Support for Splunk 4.3.x
Version 1.0.0 (updated Jul 18, 2012)
Version 1.2.0 (updated Jan 30, 2012)
Centrify Insight 1.2 is a stability and feature release. It enhances the *NIX login activity dashboards, adds a system access summary dashboard, adds summaries of successful/failed login attempts broken down by login type (SSH, Telnet, su, console), and adds monitoring of password changes initiated from *NIX systems for either local or AD users. More details:
New, easier-to-use navigation menus and home dashboard.
Version 1.1.0 (updated Oct 05, 2011)
Centrify Insight 1.1 is a major release that adds *NIX login activity dashboards, custom searches and reports to the existing custom searches for Active Directory user/group/computer activity and Centrify Zone activity.
Version 1.0.1 (updated Jun 01, 2011)
Fixes to allow for Centrify data in Active Directory in a non-default OU.
Yesterday I installed the required packages to integrate Centrify into a freshly installed Splunk 5.0.1.
Every time I want to view details from an entry in one of the dashboards I get the following:
"splunk encountered the following unknown module: SearchMode The view may not load properly"
Any solution for that? Google doesn't give a result about "SearchMode".
Can I suggest an index name change? "os" doesn't make sense. How about "Centrify" or "CentrifyInsight" for the index?
reviewed 14 Mar '12, 16:50