Refer to https://cyences.com/cyences-app-for-splunk/ for the App documentation.
Please provide your feedback and follow the App's progress on the Cyences Forum - https://cyences.com/
GitHub repo of the App - https://github.com/VatsalJagani/Splunk-Cyences-App-for-Splunk
* Active Directory & Windows
* Office 365 (O365)
* Palo Alto Firewall (PaloAlto)
* VPN (Global Protect and other)
Version 1.0.0 (Nov 2020)
* Created App Overview dashboard.
* Added Details/Forensic dashboard for investigating security issues.
* Added multiple security alerts in the following categories: Ransomware, Active Directory & Windows, Office 365, Endpoint Compromise, Network Compromise, Credential Compromise, Sophos and Palo Alto Firewall.
* Added the following reports:
  * Active Directory & Windows
  * Network Reports
  * Palo Alto
  * Globally Detected Malicious IPs
* Added App configuration dashboard.
* Added HoneyDB-based blocked IP list and used that list to identify bad traffic.