Splunk for ModSecurity provides searches, reports and dashboards for the famous Apache module ModSecurity from Trustwave SpiderLabs.
Splunk is the perfect solution to monitor your log files and ModSecurity is the ultimate Apache module to secure your web application.
What can Splunk for ModSecurity do for you?
And more to come in the next release.
This app uses amMap to create Flash maps, MaxMind to do local geo mapping and Sideview Utils.
This app is developed for the latest ModSecurity ruleset 2.2.3 and ModSecurity 2.6.3.
"ModSecurity for Apache is a product developed by Trustwave's SpiderLabs Team <https://www.trustwave.com/spiderLabs.php> and made available under an open source licence. SpiderLabs is engaged to popularize web application firewall technologies and make them widely accessible."
Download the app and extract the .gz under the $SPLUNK_HOME/etc/apps directory on your search head, or install it from within the manager.
Depending on your infrastructure, you may need to change the source type, the index and the mapping of your clientip.
Splunk for ModSecurity uses third party components
Versions and Release Notes
Version 1.3 (current version - updated Jan 10, 2012)
Updated to support iOS (iPad, iPhone), which means no more Flash graphs.
Version 1.2 (updated Jan 05, 2012)
This update includes configuration control for Sideview Utils, improvements to the menu and a change to the event search.
Version 1.0 (updated Jan 05, 2012)