The Qintel suite of technology add-ons allows you to enrich your various log data using Qintel’s Patch Management Intelligence (PMI) and QSentry services. The Qintel Dashboards App provides visualizations of this Qintel-enriched data so that you can take quick action.
Follow the steps listed below to install an app from the bundle:
The app itself does not need to be configured.
It expects one of the Qintel PMI Add-on for Splunk, the Qintel QSentry Add-on for Splunk, or the Qintel QSentry Feed Add-on for Splunk to be installed, and that add-on's steps for 'auto-enrichment' to have been followed.
When these are configured properly, the dashboard in this app will populate automatically.
There are three macros that can be customized for your environment.
Qintel Index is the destination index in which the Qintel Apps store the stash values; by default this is 'main'.
Qintel Source Indexes are the indexes that are searched when looking for data to auto-enrich; by default this is all indexes.
Qintel IP Search is the custom search command that is integrated into the 'Threat Intel - Overview' dashboard for easier pivoting.
To uninstall the app, follow the steps below: