Hi,
I've been trying to install the CIM app since yesterday. I can't find it in "More App" and I can't manually install it the "Manage App" windows.
I have a school project, I can get data from an instance and detect a Brute force attack but I have to try to detect Tor Browser usage.
I tried Network Behavior Analytics App, it looks for CIM compliant data within Splunk. I have Tor installed on the instance and I want the app to detect it.
Which logs I have to index and how? DNS logs, Web logs?
Is there any other way I can ensure my data is being indexed correctly.