Splunk App
Wazuh provides an automated way of building our Wazuh Splunk app packages.
To create a Wazuh Splunk app package follow these steps:
Requirements
Docker
Git
Download our wazuh-packages repository from GitHub and go to the splunkapp directory of the 4.0 branch.
$ git clone https://github.com/wazuh/wazuh-packages && cd wazuh-packages/splunkapp && git checkout 4.0
Execute the generate_wazuh_splunk_app.sh
script, with the different options you desire. This script will build a Docker image with all the necessary tools to create the Wazuh Splunk App package and run a container that will build it:
$ ./generate_wazuh_splunk_app.sh -h
Usage: ./generate_wazuh_splunk_app.sh [OPTIONS]
-b, --branch <branch> [Required] Select Git branch or tag.
-s, --store <directory> [Optional] Destination directory by default /home/vagrant/wazuh-wazuh-packages-26460eb/splunkapp/output
-r, --revision [Optional] Package revision that append to version e.g. x.x.x-y.y.y_rev
-c, --checksum <path> [Optional] Generate checksum
-h, --help Show this help.
Below, you will find some examples of how to build Wazuh Splunk App packages.
# ./generate_wazuh_splunk_app.sh -b v4.0.4-8.0.4 -s /splunk-app -r 1
This will generate a Wazuh Splunk app package for Wazuh 4.0.4 and Splunk 8.0.4 with revision 1 and store it in /splunk-app.
# ./generate_wazuh_splunk_app.sh -b v4.0.4-8.0.4 -s /splunk-app -r 1 -c
This will generate a Wazuh Splunk app package for Wazuh 4.0.4 and Splunk 8.0.4 with revision 1, the sha512 checksum and store them in /splunk-app.
Remember that the branch or tag for the script has to come from our wazuh-splunk repository.