Modern Detection, Incident Management & Scoring — All Inside Splunk. No Add-Ons. No Dependencies.
Are you tired of messy alerts, scattered detection logic, and having to jump between tools just to understand what’s going on in your environment?
AICX Mini SIEM turns Splunk into a lightweight, fully functional SIEM with:
🔥 Detection correlation
🔥 Automated incident creation
🔥 Real-time scoring & prioritization
🔥 Analyst-ready incident workflows
🔥 Zero external dependencies
Built specifically for teams who:
- Don’t have (or don’t want) a bloated SIEM
- Want structured incident response inside Splunk
- Need repeatable detection workflows
- Want a clean overview of what’s happening right now
- Prefer simple, smart, automated processes
💡 What You Get
✅ Detection Engine + Correlation Framework
Automatically groups related detections, calculates priority, enriches context, and pushes results into a unified incident record.
✅ Full Incident Management Workflow
A dashboard-driven workflow that lets you:
- Acknowledge
- Assign
- Add notes (now with full note history!)
- Update status
- Drill into correlated detections
- Open scoring debug for any incident
✅ Scoring Engine (Weighted + Sensitivity-Aware)
Your detections get evaluated with:
- Category-level weights
- Per-detection sensitivity tuning
- Automated priority classification
- Transparent scoring debug dashboard
See exactly why an incident ranked P1, P2, or P3.
✅ Overview Dashboard
At-a-glance operational clarity:
- Active incidents
- Detection volume
- Drilldowns
- 24-hour stacked status chart
✅ Zero Dependencies
No Python plugins.
No external DBs.
No Splunk apps required.
Just install → reload → start detecting.
✅ Turnkey SIEM Capability Inside Splunk
Perfect for:
- Solo security engineers
- Small SOC teams
- Consultants delivering value quickly
- Lab, homelab, or customer demo environments
- Anyone wanting SIEM features without SIEM licensing
🧰 What Makes AICX Mini SIEM Different?
Most SIEM “packs” give you searches.
AICX Mini SIEM gives you an actual workflow:
- A detection comes in
- Scoring engine evaluates
- Incident is created or enriched
- Incident enters your lifecycle
- Analyst interacts using buttons (Acknowledge, Assign, Notes, etc.)
- All context stays tightly coupled
You get clarity, workflow, and repeatability — the core pillars of a real SIEM.
🛠️ Easy Setup
- Drop the app into $SPLUNK_HOME/etc/apps/
- Reload Splunk
- Load the dashboards
- Start detecting & managing incidents instantly
…this pack will save you hours, accelerate your workflow, and give you enterprise-style structure.