All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Verizon Data Breach Investigations Report (DBIR) app for Splunk: Changes I've made so far

niemesrw
Path Finder
‎06-28-2015 02:53 PM

First of all, this app is awesome. Thanks Monzy for creating & updating it.

I'm playing with this app a little and made one change for my environment:

for VPN profile:

eventtype=cisco_vpn_start $user$ | streamstats dc(src) by user</query>

There is probably some sort of datamodel / tstats search, but I'm not smart enough to figure it out right now.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎12-02-2015 04:32 AM

Hey, you coming back to this post or what?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎11-13-2015 06:02 AM

Does this help?

$splunk_home/etc/apps/DBIR_splunk_app/appserver/static/html/dbir_help_basic.html
0 Karma
Reply

ppablo
Retired
‎06-29-2015 12:17 PM

Hi @niemesrw

Is there a specific question you're asking the community for help with?

0 Karma
Reply
Get Updates on the Splunk Community!

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Today’s threat landscape is more complex than ever. Security operation centers (SOCs) are overwhelmed with ...

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...