The repository of Splunk Application for Aviatrix Controller and Gateway logs.

AviatrixSystems/SplunkforAviatrix

Aviatrix Splunk Apps

Security visibility and analytics for Aviatrix Distributed Cloud Firewall in Splunk. Provides CIM-compliant field extractions and pre-built dashboards for SIEM/SOC teams.

Screenshots

Security Overview

Traffic Analysis

Threat Detection

Apps

This repository contains two Splunk apps, designed to be installed together:

TA-aviatrix (Technology Add-on)

Field extractions, lookups, and CIM data normalization for Aviatrix logs ingested via HEC.

Supported sourcetypes:

Sourcetype                  Description
aviatrix:firewall:l4        DCF L4 micro-segmentation logs
aviatrix:firewall:l7        DCF L7 TLS/SNI inspection logs
aviatrix:firewall:fqdn      FQDN egress filtering logs
aviatrix:ids                Suricata IDS alerts (EVE JSON)
aviatrix:gateway:network    Gateway network statistics
aviatrix:gateway:system     Gateway CPU/memory/disk statistics
aviatrix:controller:audit   Controller API audit logs

CIM data models: Network Traffic, Intrusion Detection, Change Analysis

aviatrix-security (Visualization App)

Pre-built dashboards for monitoring Aviatrix Cloud Firewall activity.

Dashboards:

  • Security Overview -- KPIs, threat timeline, top blocked destinations, gateway block rates
  • Traffic Analysis -- L4/L7/FQDN traffic patterns, top sources/destinations, protocol breakdown
  • Threat Detection -- IDS alert severity, signature analysis, source/destination correlation
  • Policy Enforcement -- L7 policy hits, allow/deny ratios, domain analysis
  • Gateway Health -- CPU, memory, disk, network throughput per gateway
  • Audit Trail -- Controller API changes, user activity, success/failure tracking

Requirements

  • Splunk Enterprise 8.0+ or Splunk Cloud
  • Aviatrix Controller with logging configured to send via HEC
  • CIM Add-on 4.0+ (for data model acceleration)

Installation

See DEPLOYMENT.md for detailed deployment instructions.

Quick start:

# Package the apps
tar -czf TA-aviatrix.tgz TA-aviatrix
tar -czf aviatrix-security.tgz aviatrix-security

# Upload via Splunk Web UI:
# Apps > Manage Apps > Install app from file
# Install TA-aviatrix first, then aviatrix-security

License

Apache License 2.0 -- see LICENSE.
