Refer to https://cyences.com/cyences-app-for-splunk/ for the documentation of the App.
Please provide your feedback and follow our progress on the App on the Cyences Forum - https://cyences.com/
GitHub repo of the App - https://github.com/VatsalJagani/Splunk-Cyences-App-for-Splunk
* Active Directory & Windows
* Office 365 (O365)
* Windows Defender Antivirus
* Palo Alto Firewall (PaloAlto)
* VPN (Global Protect and other)
* Globally Detected Malicious IP List
* Device Master Table
See the documentation (linked from the Details page) for the release notes and upgrade guide, and read both before you upgrade the App.
Version 1.0.0 (Nov 2020)
* Created App Overview dashboard.
* Added Details/Forensic dashboard for investigating security issues.
* Added multiple security alerts in the following categories: Ransomware, Active Directory & Windows, Office 365, Endpoint Compromise, Network Compromise, Credential Compromise, Sophos and Palo Alto Firewall.
* Added the following reports:
  * Active Directory & Windows
  * Network Reports
  * Palo Alto
  * Globally Detected Malicious IPs
* Added App configuration dashboard.
* Added HoneyDB based blocked IP list and used that list to identify bad traffic.