All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Verizon Data Breach Investigations Report (DBIR) app for Splunk: Changes I've made so far

niemesrw
Path Finder
‎06-28-2015 02:53 PM

First of all, this app is awesome. Thanks Monzy for creating & updating it.

I'm playing with this app a little and made one change for my environment:

for VPN profile:

eventtype=cisco_vpn_start $user$ | streamstats dc(src) by user</query>

There is probably some sort of datamodel / tstats search, but I'm not smart enough to figure it out right now.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎12-02-2015 04:32 AM

Hey, you coming back to this post or what?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎11-13-2015 06:02 AM

Does this help?

$splunk_home/etc/apps/DBIR_splunk_app/appserver/static/html/dbir_help_basic.html
0 Karma
Reply

ppablo
Retired
‎06-29-2015 12:17 PM

Hi @niemesrw

Is there a specific question you're asking the community for help with?

0 Karma
Reply
Get Updates on the Splunk Community!

Good Sourcetype Naming

When it comes to getting data in, one of the earliest decisions made is what to use as a sourcetype. Often, ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Splunk App for Anomaly Detection End of Life Announcement

Q: What is happening to the Splunk App for Anomaly Detection?A: Splunk is officially announcing the ...