https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-create-a-view-showing-all-events-coming-from/m-p/305098#M166314 <P>Assuming you integrated with your IPS etc using CIM compliant TAs, then you can install the Splunk CIM and use the Intrusion Detection or the Network Traffic data models.</P> <P><A href="https://splunkbase.splunk.com/app/1621/">https://splunkbase.splunk.com/app/1621/</A></P> Wed, 30 Aug 2017 00:17:52 GMT jkat54 2017-08-30T00:17:52Z https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-create-a-view-showing-all-events-coming-from/m-p/305097#M166313 <P>I'd like to create a dashboard where I could easily search for events coming from a specific IP address or username.</P> <P>For example:</P> <P>It would show where that specific IP address was logged on to, URL it accessed, if it was locked out and all that stuff considering all security appliance was added on SPLUNK such as IPS, Web Gateway, Endpoint Protection, active directory and the like.</P> <P>Just like how should an SIEM should work.</P> Tue, 29 Aug 2017 20:32:07 GMT https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-create-a-view-showing-all-events-coming-from/m-p/305097#M166313 carmella_vitug 2017-08-29T20:32:07Z https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-create-a-view-showing-all-events-coming-from/m-p/305098#M166314 <P>Assuming you integrated with your IPS etc using CIM compliant TAs, then you can install the Splunk CIM and use the Intrusion Detection or the Network Traffic data models.</P> <P><A href="https://splunkbase.splunk.com/app/1621/">https://splunkbase.splunk.com/app/1621/</A></P> Wed, 30 Aug 2017 00:17:52 GMT https://community.splunk.com/t5/Splunk-Search/Is-it-possible-to-create-a-view-showing-all-events-coming-from/m-p/305098#M166314 jkat54 2017-08-30T00:17:52Z