Fidelis Cybersecurity App for Splunk helps in visualizing and monitoring Fidelis Cybersecurity Alerts.
1) Add-on app, which listens for Syslog messages from Fidelis Cybersecurity.
2) Main app for visualizing Fidelis Cybersecurity data.
This App can be set up in two ways:
1) Standalone Mode: Install main app and Add-on app.
2) Distributed Environment: Install the main app and Add-on app on search head. Add-on app on forwarder and Indexer.
* Configure Add-on app on forwarder. * Main app on search head uses the received data and builds dashboards on it.
For CIM dashboards to work, it requires Splunk_SA_CIM >=4.6 installed on your Splunk instance.
The main app dashboard can take some time before the data is returned which will populate some of the panels. A good test to see that you are receiving all of the data we expect is to run this search after several minutes:
search `fidelis_get_xps_event` | stats count by sourcetype
In particular, you should see these sourcetypes:
If you don't see these sourcetypes, have a look at the log file $SPLUNK_HOME$/var/log/TA_fidelis/fidelis.log.
-Removed empty lookup file which will be generated dynamically.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.