Skip to content
/ SplunkforAviatrix Public

The repository of Splunk Application for Aviatrix Controller and Gateway logs.

License

Apache-2.0 license
0 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

AviatrixSystems/SplunkforAviatrix

BranchesTags

Repository files navigation

Aviatrix Splunk Apps

Security visibility and analytics for Aviatrix Distributed Cloud Firewall in Splunk. Provides CIM-compliant field extractions and pre-built dashboards for SIEM/SOC teams.

Screenshots

Security Overview

Traffic Analysis

Threat Detection

Apps

This repository contains two Splunk apps, designed to be installed together:

TA-aviatrix (Technology Add-on)

Field extractions, lookups, and CIM data normalization for Aviatrix logs ingested via HEC.

Supported sourcetypes:

Sourcetype Description
aviatrix:firewall:l4 DCF L4 micro-segmentation logs
aviatrix:firewall:l7 DCF L7 TLS/SNI inspection logs
aviatrix:firewall:fqdn FQDN egress filtering logs
aviatrix:ids Suricata IDS alerts (EVE JSON)
aviatrix:gateway:network Gateway network statistics
aviatrix:gateway:system Gateway CPU/memory/disk statistics
aviatrix:controller:audit Controller API audit logs

CIM data models: Network Traffic, Intrusion Detection, Change Analysis

aviatrix-security (Visualization App)

Pre-built dashboards for monitoring Aviatrix Cloud Firewall activity.

Dashboards:

  • Security Overview -- KPIs, threat timeline, top blocked destinations, gateway block rates
  • Traffic Analysis -- L4/L7/FQDN traffic patterns, top sources/destinations, protocol breakdown
  • Threat Detection -- IDS alert severity, signature analysis, source/destination correlation
  • Policy Enforcement -- L7 policy hits, allow/deny ratios, domain analysis
  • Gateway Health -- CPU, memory, disk, network throughput per gateway
  • Audit Trail -- Controller API changes, user activity, success/failure tracking

Log Ingestion

These apps are designed to work with the Aviatrix SIEM Connector, which parses Aviatrix Syslog messages and posts them to Splunk via HEC (HTTP Event Collector).

Requirements

  • Splunk Enterprise 8.0+ or Splunk Cloud
  • Aviatrix SIEM Connector for log ingestion
  • CIM Add-on 4.0+ (for data model acceleration)

Installation

See DEPLOYMENT.md for detailed deployment instructions.

Quick start:

# Package the apps
tar -czf TA-aviatrix.tgz TA-aviatrix
tar -czf aviatrix-security.tgz aviatrix-security

# Upload via Splunk Web UI:
# Apps > Manage Apps > Install app from file
# Install TA-aviatrix first, then aviatrix-security

License

Apache License 2.0 -- see LICENSE.

About

The repository of Splunk Application for Aviatrix Controller and Gateway logs.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

7 forks
Report repository

Releases

2 tags

Packages

 
 
 

Contributors