This Splunk App helps manage the log data THOR transmits and facilitates its analysis.
Key Features of this App
- Dashboard: Number of scans, scanned hosts, license usage, scans with different THOR/SPARK versions
- Overview: Alert types over time, alert types by system, scan status by system, connection endpoints (geo location)
- Universal View: Main THOR log analysis view with filters and sorting to process all log messages in an optimal way
- Input: SYSLOG or TEXT (.txt) logs
Requirements:
THOR Add-on v2
https://splunkbase.splunk.com/app/3718/
Steps to get data into the Splunk App:
- Use sourcetype='thor' for all your inputs (files/udp/tcp)
Recommendation:
- Create an index named 'thor' and make sure that the current user's role searches this index by default
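The two setup steps above (sourcetype 'thor' on every input, a dedicated 'thor' index searched by default), as an added configuration example that is not part of the app or its add-on. The log directory /var/log/thor, the UDP/TCP ports 514 and 1514, the role name thor_analyst and the placement under $SPLUNK_HOME/etc/system/local are assumptions; adjust them to your deployment.

```ini
# --- $SPLUNK_HOME/etc/system/local/inputs.conf ---
# Every input that carries THOR logs uses sourcetype=thor so the add-on's
# field extractions apply; index=thor keeps scanner output apart from other
# data. Paths and ports below are assumed values, not the app's defaults.

# THOR text logs (.txt) dropped into a collection directory
[monitor:///var/log/thor]
sourcetype = thor
index = thor
disabled = false

# THOR SYSLOG output over UDP; host field is taken from the sender's IP
[udp://514]
sourcetype = thor
index = thor
connection_host = ip

# THOR SYSLOG output over TCP
[tcp://1514]
sourcetype = thor
index = thor
connection_host = ip

# --- $SPLUNK_HOME/etc/system/local/indexes.conf ---
# Dedicated index so retention and access control for scanner findings can
# be set independently of other sources.
[thor]
homePath   = $SPLUNK_DB/thor/db
coldPath   = $SPLUNK_DB/thor/colddb
thawedPath = $SPLUNK_DB/thor/thaweddb

# --- $SPLUNK_HOME/etc/system/local/authorize.conf ---
# Role for the analysts who use the app (name assumed). srchIndexesDefault
# makes searches in the app's views hit the thor index without an explicit
# index=thor; srchIndexesAllowed limits what the role may search at all.
[role_thor_analyst]
importRoles = user
srchIndexesAllowed = thor
srchIndexesDefault = thor
```

After a restart, a quick check that data arrives with the right sourcetype is `index=thor sourcetype=thor | stats count by host, source`; hosts missing from that list are either not sending or are writing to another index or sourcetype, which is the most common reason the app's views stay empty.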