This app is archived.
This TA is an add-on for the SplunkStart app hosted on Splunkbase. It includes two key Security Essentials searches (First Time Seen and Time Series Outlier) that you can use with your own data by editing a form in SplunkStart to use your own index, sourcetype, and field names.

To install: first install SplunkStart. Then download this TA and gunzip/untar it (tar -zxvf) somewhere on the same machine as SplunkStart. The TA does not need to be in $SPLUNK_HOME/etc/apps. Next, cd into the SplunkStart/bin directory and run create_content.sh, which copies the contents of this TA into SplunkStart. For complete details, read the README.txt or the details section of this TA.

Note: In the default dashboard for this TA, version="1.1" was added to the dashboard tag at the top of the file for cloud compatibility. The previous tag defaulted to version="1.0".