How to Deploy Airlock App for Splunk

The Airlock App for Splunk is split into two parts:

1. The Splunk Add-Ons which allow a fast and easy integration by parsing the logs correctly and provide the Airlock WAF field names as well as the corresponding Splunk CIM alias.
2. The Splunk App itself depends on those Splunk Add-Ons and contains dashboards for different use cases to simplify analytic tasks. For a brief overview about the app please consider our factsheet.

While the Splunk Add-Ons are free, the Splunk App with its dashboards must be purchased by Ergon Informatik AG. The integration of Airlock WAF into Splunk is described in the document below.