All Apps and Add-ons

Action column/filter for IDS/IPC/Threats

wstarowicz
Path Finder

Hi, it would be nice if there would be possibility to filter/display additional info for IDS/IPS/Threats if this has been blocked or allowed by IDS/IPS/FW based e.g. on action field etc.
Is this possible to add?

Tags (1)
1 Solution

igifrin_splunk
Splunk Employee
Splunk Employee

Great idea! The next version of the InfoSec app (tentatively scheduled to be released this month) will have the filter/visualization with allowed and blocked events.

The screenshot below is the updated IDS/IPS dashboard where you can click on the Allowed and Blocked numbers to filter results for the rest of the dashboard panels.

Please keep suggestions like this coming.
Thanks

alt text

View solution in original post

0 Karma

wstarowicz
Path Finder

Version 1.4.0 - great work! Thanks!

igifrin_splunk
Splunk Employee
Splunk Employee

Great idea! The next version of the InfoSec app (tentatively scheduled to be released this month) will have the filter/visualization with allowed and blocked events.

The screenshot below is the updated IDS/IPS dashboard where you can click on the Allowed and Blocked numbers to filter results for the rest of the dashboard panels.

Please keep suggestions like this coming.
Thanks

alt text

0 Karma

igifrin_splunk
Splunk Employee
Splunk Employee

Just a quick comment that this is now available in the InfoSec app version 1.4.0 on Splunkbase: https://splunkbase.splunk.com/app/4240/

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...