The Sandfly Security App for Splunk includes dashboards, reports and logic for analyzing data ingested from a Sandfly Security server, including Alarms, Passed, and Errors.
This app requires that the Sandfly Security Add-on for Splunk (TA-sandfly-security) already be installed and configured to ingest data into your specified index and configured with the correct sourcetype (sandfly:alarms).
The Sandfly Security App for Splunk can be downloaded and installed by either using the Splunk App setup screen or by manually downloading and installing the app.
Install this App on your search head and make sure it has the correct permissions to read the index that contains the Sandfly Security events.
This app uses the sourcetype "sandfly:alarms" as defined in TA-sandfly-security.
This app contains a macro that will, by default, search all indexes for sourcetype "sandfly:alarms".
To check the contents of the macros in Splunk 7 or newer, use CTRL-SHFT-E within the search window.
- modified data models to reflect changes in underlying event names
- removed duplicate Reports
- fixed ownership issues that prevented certain reports from running correctly
- Modify reports to work with Sandfly API Version 2.
- Added App setup page to configure the sandfly_search macro to improve app performance.
Version 1.2.0 (May 1, 2020)
Initial release of the Sandfly Security App for Splunk.
Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.