All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Verizon Data Breach Investigations Report (DBIR) app for Splunk: Changes I've made so far

niemesrw
Path Finder
‎06-28-2015 02:53 PM

First of all, this app is awesome. Thanks Monzy for creating & updating it.

I'm playing with this app a little and made one change for my environment:

for VPN profile:

eventtype=cisco_vpn_start $user$ | streamstats dc(src) by user</query>

There is probably some sort of datamodel / tstats search, but I'm not smart enough to figure it out right now.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎12-02-2015 04:32 AM

Hey, you coming back to this post or what?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎11-13-2015 06:02 AM

Does this help?

$splunk_home/etc/apps/DBIR_splunk_app/appserver/static/html/dbir_help_basic.html
0 Karma
Reply

ppablo
Retired
‎06-29-2015 12:17 PM

Hi @niemesrw

Is there a specific question you're asking the community for help with?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...