Add-on for OSSEC

Splunk Add-on for OSSEC collects the following OSSEC alert information:

- File Integrity Management (FIM) data
- FTP data
- su data
- ssh data
- Windows data, including audit and logon information

At this time, the add-on does not support data collection for OSSEC daemon logs, agent logs, or logs from the active response module.

This add-on provides the inputs and CIM-compatible knowledge to use with other Splunk apps, such as Splunk Enterprise Security and the Splunk App for PCI Compliance.