All Apps and Add-ons

Action column/filter for IDS/IPC/Threats

wstarowicz
Path Finder

Hi, it would be nice if there would be possibility to filter/display additional info for IDS/IPS/Threats if this has been blocked or allowed by IDS/IPS/FW based e.g. on action field etc.
Is this possible to add?

Tags (1)
1 Solution

igifrin_splunk
Splunk Employee
Splunk Employee

Great idea! The next version of the InfoSec app (tentatively scheduled to be released this month) will have the filter/visualization with allowed and blocked events.

The screenshot below is the updated IDS/IPS dashboard where you can click on the Allowed and Blocked numbers to filter results for the rest of the dashboard panels.

Please keep suggestions like this coming.
Thanks

alt text

View solution in original post

0 Karma

wstarowicz
Path Finder

Version 1.4.0 - great work! Thanks!

igifrin_splunk
Splunk Employee
Splunk Employee

Great idea! The next version of the InfoSec app (tentatively scheduled to be released this month) will have the filter/visualization with allowed and blocked events.

The screenshot below is the updated IDS/IPS dashboard where you can click on the Allowed and Blocked numbers to filter results for the rest of the dashboard panels.

Please keep suggestions like this coming.
Thanks

alt text

View solution in original post

0 Karma

igifrin_splunk
Splunk Employee
Splunk Employee

Just a quick comment that this is now available in the InfoSec app version 1.4.0 on Splunkbase: https://splunkbase.splunk.com/app/4240/

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!