This app was created to allow IT Operations administrators and the security team to visualize their networks, attack paths inside an environment, and connections between objects. The limits are endless. Some of the features that are supported in this app are
Also some great references for D3 below.
- index=firewall action=allowed | stats count by src_ip, dest_ip
This option allows you to add as many tiers of relationship mapping as necessary. Ensure that the number format is XX rather than X. For example, node1 will not work, but node01 will work.
- index=firewall action=allowed | stats count by src_ip, dest_ip, dest_port | rename src_ip as node00, dest_ip as node01, dest_port as node03
- index=os | stats count by hardware, operatingsystem, asset_name | rename hardware as node00, operatingsystem as node01, asset_name as node03
- Tested up to 5 nodes.
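How rows from a search like the ones above could map onto a force-directed graph, as an added example that is not the app's own code. It assumes tiers are linked in numeric order within each row; `tierFields`, `buildGraph` and the sample rows are hypothetical names and constructed data.

```javascript
// Added example: turn Splunk result rows with nodeXX fields into a D3-style
// { nodes, links } structure. Assumption (not from the app's source): within a
// row, each tier is linked to the next tier in numeric order.
const TIER = /^node(\d{2})$/; // two digits required: node01 matches, node1 does not

function tierFields(row) {
  // Reject names such as "node1" or "node001" instead of silently dropping them.
  const bad = Object.keys(row).filter(k => /^node\d*$/.test(k) && !TIER.test(k));
  if (bad.length) throw new Error(`tier fields must be nodeXX: ${bad.join(", ")}`);
  return Object.keys(row).filter(k => TIER.test(k)).sort();
}

function buildGraph(rows) {
  const nodes = new Map(); // id -> { id, label, tier }
  const links = new Map(); // "source\0target" -> { source, target, value }
  for (const row of rows) {
    const fields = tierFields(row);
    const weight = Number(row.count) || 1; // stats count arrives as a string
    fields.forEach((f, i) => {
      // Prefix the id with the tier so an IP and a port can never collide.
      const id = `${f}:${row[f]}`;
      if (!nodes.has(id)) nodes.set(id, { id, label: String(row[f]), tier: i });
      if (i === 0) return;
      const prev = `${fields[i - 1]}:${row[fields[i - 1]]}`;
      const key = `${prev}\u0000${id}`;
      const link = links.get(key) || { source: prev, target: id, value: 0 };
      link.value += weight; // repeated edges accumulate their counts
      links.set(key, link);
    });
  }
  return { nodes: [...nodes.values()], links: [...links.values()] };
}

// Constructed sample rows, shaped like the output of the firewall search above.
const sampleRows = [
  { node00: "10.0.0.5", node01: "10.0.1.20", node03: "443", count: "12" },
  { node00: "10.0.0.6", node01: "10.0.1.20", node03: "443", count: "3" },
  { node00: "10.0.0.5", node01: "10.0.1.21", node03: "22", count: "1" },
];
const graph = buildGraph(sampleRows);
console.log(graph.nodes.length, "nodes,", graph.links.length, "links");
```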
If you identify any bugs or have feature requests, please either contact me via Twitter @MickeyPerre or post a topic under 'Questions on Splunk Answers' :)
Known - Arrows not working in IE11. This is a bug in IE not the code. To make the code flexible to exclude and include arrows I could not make this work.
Please report any other bugs to this page. I accept pull requests.
- Safari Version 11.0
- Chrome Version 61.0.X (Official Build) (64-bit)
- Firefox 64.0
Windows Server 2012
- Internet Explorer 11
This app uses D3 with the following license conditions
Updated app.manifest to fix cloud issues.
Lots of updates. Read the documentation and get excited!!
Updated Readme and app version