# Splunk - Vulners App

The Vulners application for Splunk collects information about your system packages and their vulnerabilities.

```
index=vulners | lookup vulnerslook os version package | stats list(cve) as cve values(fix) as fix by package
```

## Installation

The current distribution contains both the dashboard and the forwarder installations.

- In the Splunk dashboard, go to Apps -> Install app from file -> choose `vulners-lookup-*.tar.gz`
- Set up a data receiver: go to Settings -> Forwarding and receiving -> Configure receiving -> New Receiving port
- Restart Splunk Enterprise
- Install the following Python libraries on the forwarder machines:

  ```
  pip3 install distro getmac ifaddr futures
  ```

- Unpack `vulners_lookup.tar.gz` into `$SPLUNK_FORWARDER_HOME/etc/apps/`
- Restart the Splunk Forwarder
- Get an API key at https://vulners.com/