This application provides compliance and triage dashboards for the MITRE ATT&CK Framework, fully integrated with Splunk Enterprise Security (https://splunkbase.splunk.com/app/263/) and Splunk ES Content Update (https://splunkbase.splunk.com/app/3449/), with drill-down capabilities.
Splunk Enterprise 7.x or above
Splunk Enterprise Security 5.2 or above
Splunk ES Content Update 1.0.40 or above
Upon initial installation you may need to run the "Mitre Compliance Lookup Gen" saved search/report manually in order to populate the lookup table.
This application comes with a predefined saved search (Mitre Compliance Lookup Gen) that checks the currently enabled correlation rules via their analytic stories and creates a lookup file mapping them to MITRE ATT&CK Framework techniques for compliance. By default this search is scheduled to run at midnight every day to repopulate the lookup table.
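As an added illustration of what the lookup generator does (example code written for this page, not the app's own saved search, and it runs outside Splunk): it parses savedsearches.conf-style stanzas, keeps only the enabled rules, and maps each ATT&CK technique ID to the rules and analytic stories that cover it. The annotation keys action.escu.analytic_story and action.escu.mitre_attack_id, and the sample stanzas, are assumptions.

```python
import configparser
import json
from collections import defaultdict

# Constructed savedsearches.conf stanzas (not a real ESCU file). The keys
# action.escu.analytic_story and action.escu.mitre_attack_id are assumed names.
SAMPLE_CONF = """
[ESCU - Sample PsExec Detection - Rule]
disabled = 0
action.escu.analytic_story = ["Lateral Movement"]
action.escu.mitre_attack_id = ["T1021", "T1569"]

[ESCU - Sample Scheduled Task Detection - Rule]
disabled = 1
action.escu.analytic_story = ["Scheduled Tasks"]
action.escu.mitre_attack_id = ["T1053"]

[ESCU - Sample Task Creation Detection - Rule]
disabled = 0
action.escu.analytic_story = ["Scheduled Tasks", "Lateral Movement"]
action.escu.mitre_attack_id = ["T1053"]
"""

def parse_savedsearches(text):
    """Return one dict per stanza with its enabled flag, stories and technique IDs."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return [{"name": n,
             "enabled": cp[n].get("disabled", "0") == "0",
             "stories": json.loads(cp[n].get("action.escu.analytic_story", "[]")),
             "techniques": json.loads(cp[n].get("action.escu.mitre_attack_id", "[]"))}
            for n in cp.sections()]

def build_coverage(rules):
    """Map each ATT&CK technique ID to the enabled rules and stories that cover it."""
    cov = defaultdict(lambda: {"rules": set(), "stories": set()})
    for r in rules:
        if not r["enabled"]:
            continue  # a disabled correlation rule gives no coverage, as in the app
        for t in r["techniques"]:
            cov[t]["rules"].add(r["name"])
            cov[t]["stories"].update(r["stories"])
    return {t: {k: sorted(v) for k, v in d.items()} for t, d in cov.items()}

def to_lookup_rows(coverage):
    """Flatten coverage into the header + rows a CSV lookup (outputlookup) would hold."""
    rows = [["technique_id", "enabled_rule_count", "rules", "analytic_stories"]]
    for t, c in sorted(coverage.items()):
        rows.append([t, len(c["rules"]), "|".join(c["rules"]), "|".join(c["stories"])])
    return rows
```

A technique that appears only in disabled rules drops out of the lookup entirely, which is exactly the gap a compliance dashboard built on this table will show.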
- Initial version for Splunkbase
- Tested to run on Splunk 7.3.0 and ES App 5.3
- Bug fixes & typos
- Added descriptions to dashboards
- Added improvements for initial lookup generator
Contact information for reporting an issue: firstname.lastname@example.org