DFIRVault is an advanced, analyst-driven threat detection and investigation platform built entirely in Splunk. It combines detection engineering, behavior analytics, and investigation workflows into a single operational view for security operations and digital forensics teams.
The app ingests Windows security, Sysmon, PowerShell, and endpoint telemetry and automatically enriches events with MITRE ATT&CK techniques, risk scores, kill-chain stages, adversary emulation context, and entity relationships.
DFIRVault goes beyond traditional dashboards by incorporating:
- Risk-based alerting (RBA)
- Peer group and golden image baselining
- Attack path and blast radius inference
- Entity-centric timelines
- MITRE coverage analysis and detection gap identification
- Integrated investigation notebooking
This allows analysts to move seamlessly from detection → triage → scoping → investigation → documentation, all without leaving Splunk.
DFIRVault is designed to be modular, transparent, and extensible — making it suitable for blue teams, DFIR responders, threat hunters, and detection engineers alike.
Categories
Investigative, Security, Fraud & Compliance