This app is dependent on the Splunk Common Information Model (CIM): https://splunkbase.splunk.com/app/1621/
The views and dashboards in this app are built using the data models found in the Splunk CIM app. Your data must conform to CIM in order for the data models to populate correctly.
The dashboards in this app are dependent on the following data models:
These CIM data models leverage additional predefined Splunk data objects provided by the makers of the devices, firewalls, servers, operating systems, etc., whose data you are ingesting. In other words, if you want to import Windows data, the Splunk Add-on for Microsoft Windows includes the objects CIM needs to evaluate your Windows data. More information will be available in future versions of the Verizon DBIR app.
This is a community-supported app. Please post questions to http://answers.splunk.com and tag them with 'DBIR'.
DBIR Splunk App 0.4
- Updated the welcome page to better organize threat pattern dashboards
- Included a new Denial-of-Service dashboard
- Added help documentation
Version 0.3 of the Verizon DBIR app for Splunk includes a few bug fixes. For more information on configuration and dependencies, please see the documentation tab above.