Overview
The OPNsense App for Splunk provides a complete monitoring solution for organizations running OPNsense firewalls. OPNsense is a widely used open-source firewall and routing platform, and this app gives security and network teams full visibility into firewall activity directly inside Splunk, with pre-built dashboards, correlation searches, and CIM-compliant data normalization.
Firewall logs are among the most valuable data sources in a SOC. They record every connection attempt, blocked packet, and allowed flow across the network perimeter. The OPNsense App surfaces this data in actionable form: traffic volume trends, blocked connection analysis, geographic source mapping, and integration with Splunk Enterprise Security's network data model.
How It Works
The app includes a companion add-on that normalizes OPNsense syslog output to Splunk's Common Information Model (CIM). Firewall, DHCP, DNS, and IDS/IPS log sources are all parsed and tagged correctly so they work with Splunk's data model accelerations and ES correlation searches out of the box. The app layer provides pre-built dashboards covering traffic overview, blocked connections, top talkers, and threat intelligence overlays. Documentation and community support are hosted at the project site.
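As an added illustration of the normalization step described above (example code, not part of the app or its add-on), the following Python parses OPNsense filterlog syslog lines into Splunk CIM Network Traffic field names. The filterlog column layout, the pf-to-CIM vocabulary mapping, and the sample events are assumptions constructed for this example.

```python
"""Normalize OPNsense filterlog syslog lines to Splunk CIM Network Traffic fields."""
import re

# Column layout of the pf filterlog CSV payload as emitted by OPNsense (assumed here,
# not taken from the add-on's own props/transforms): a common header, then
# IP-version-specific fields, then protocol-specific fields (ports for TCP/UDP).
COMMON = ["rule", "subrule", "anchor", "rid", "interface", "reason", "action", "direction", "ipver"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "flags", "proto_id", "transport", "length", "src", "dest"]
IPV6 = ["class", "flow_label", "hop_limit", "transport", "proto_id", "length", "src", "dest"]

# pf verbs -> CIM Network Traffic vocabulary (action: allowed/blocked; direction: inbound/outbound)
CIM_ACTION = {"pass": "allowed", "block": "blocked", "reject": "blocked"}
CIM_DIRECTION = {"in": "inbound", "out": "outbound"}

# Payload starts at the first numeric field followed by a comma; works for BSD and RFC 5424 headers
PAYLOAD_RE = re.compile(r"filterlog.*?(\d+,.*)$")


def parse_filterlog(line):
    """Return a dict of CIM fields for a filterlog event, or None for other syslog sources."""
    m = PAYLOAD_RE.search(line)
    if not m:
        return None  # DHCP, DNS, IDS lines need their own parsers
    f = m.group(1).split(",")
    ev = dict(zip(COMMON, f[:len(COMMON)]))
    layout = IPV4 if ev.get("ipver") == "4" else IPV6
    body = f[len(COMMON):]
    ev.update(zip(layout, body[:len(layout)]))
    proto = body[len(layout):]  # protocol-specific tail
    cim = {
        "action": CIM_ACTION.get(ev.get("action"), "unknown"),
        "direction": CIM_DIRECTION.get(ev.get("direction"), "unknown"),
        "rule": ev.get("rule"),
        "transport": ev.get("transport"),
        "src": ev.get("src"),
        "dest": ev.get("dest"),
    }
    # pf logs the interface the packet was seen on; CIM splits that by direction
    cim["src_interface" if ev.get("direction") == "in" else "dest_interface"] = ev.get("interface")
    # Only TCP and UDP carry ports; ICMP and other protocols do not
    if cim["transport"] in ("tcp", "udp") and len(proto) >= 2:
        cim["src_port"], cim["dest_port"] = int(proto[0]), int(proto[1])
        if cim["transport"] == "tcp" and len(proto) >= 4:
            cim["tcp_flags"] = proto[3]
    return cim


# Constructed sample events (documentation addresses, not real traffic)
SAMPLE_BLOCK = ("Mar 10 12:00:01 fw filterlog[63212]: 82,,,0,igb0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,"
                "203.0.113.7,192.168.1.20,51234,22,0,S,1234567890,,65535,,mss")
SAMPLE_PASS = ("Mar 10 12:00:02 fw filterlog[63212]: 5,,,0,igb1,match,pass,out,4,0x0,,64,0,0,DF,17,udp,78,"
               "192.168.1.20,9.9.9.9,53821,53,58")
```

With these fields in place, a search such as `action=blocked direction=inbound dest_port=22` works against the Network Traffic data model regardless of the firewall's native vocabulary.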