This app for Splunk accompanies two blog posts about the MITRE ATT&CK Endpoint Detection and Response (EDR) evaluation results for:
It shows data and dashboards built from the JSON data published in the MITRE ATT&CK evaluations.
The goal is to make it easier to play with the EDR evaluation results. The JSON files from MITRE weren't that friendly for slicing and dicing in Splunk, so I wrote a Python script to transpose them for APT3 and APT29 here, and included that data in this app for onboarding in Splunk.
Added evaluation results for Carbanak+FIN7.
Added evaluation results for APT29.