See documentation at: https://smfs-docs.readthedocs.io/en/latest
TL;DR: Install the prerequisite apps, the most important being the Alert Manager app and its TA, and configure it before working on this app. My recommendation is to configure Alert Manager to write to the 'alerts' index (which you need to create on your install) and to write incidents to both the KVStore and the index (how to do that is clear when you set up Alert Manager).
Once that is done, work through the setup for this app, configuring your data sources and installing the appropriate Technology Add-ons (search Splunkbase) to help you with field extractions.
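As an added example, not part of this app or its documentation: an indexes.conf stanza that creates the 'alerts' index mentioned above, so that Alert Manager has somewhere to write. The app directory, storage paths and the retention value are assumptions; adjust them to your deployment and restart Splunk after adding it.

```ini
# Assumed location: $SPLUNK_HOME/etc/apps/<your_app>/local/indexes.conf
# Creates the 'alerts' event index that Alert Manager is configured to write to.
[alerts]
homePath   = $SPLUNK_DB/alerts/db
coldPath   = $SPLUNK_DB/alerts/colddb
thawedPath = $SPLUNK_DB/alerts/thaweddb
# Retention: keep alert events for one year (assumed value, 365 * 86400 seconds)
frozenTimePeriodInSecs = 31536000
```

After the restart, confirm the index exists under Settings > Indexes (or with `| eventcount summarize=false index=alerts`) before pointing Alert Manager at it, since an alert action writing to a non-existent index silently drops the events.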
Please provide issues, bugs, feedback via splunkbase.
New functionality: import content directly into the Content Manager (Playbooks) from the Security Essentials app.
Fixed tooltips, previously broken in Splunk 8.0 due to the blocking of some bootstrap data- tags.
Rework of the Playbook editor surface for a more consistent resize experience
HTML semantic improvements
Fixed Errors failing Cloud Vetting.
Fixed an issue with tabs in Splunk v8.0
V1.3 - With lots more content!
See latest at: https://smfs-docs.readthedocs.io/en/latest/
Fixed a lookup naming clash with the Windows TA.
Enhancement: Improved navigation bar in response to good feedback.
Enhancement: Service name lookup included to translate to network port numbers.
Enhancement: Network Intrusion Dashboard included in the Communications section.
Bug: Numerous fixes, particularly to dashboard filter controls.
Bug: Detailed Traffic Streams graph corrected.
1.0.2 - Minor Bug Fix on VPN panel
- Initial Release