All Apps and Add-ons

Verizon Data Breach Investigations Report (DBIR) app for Splunk: Changes I've made so far

niemesrw
Path Finder

First of all, this app is awesome. Thanks Monzy for creating & updating it.

I'm playing with this app a little and made one change for my environment:

for VPN profile:

eventtype=cisco_vpn_start $user$ | streamstats dc(src) by user</query>

There is probably some sort of datamodel / tstats search, but I'm not smart enough to figure it out right now.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Hey, you coming back to this post or what?

0 Karma

jkat54
SplunkTrust
SplunkTrust

Does this help?

$splunk_home/etc/apps/DBIR_splunk_app/appserver/static/html/dbir_help_basic.html
0 Karma

ppablo
Retired

Hi @niemesrw

Is there a specific question you're asking the community for help with?

0 Karma
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...