Dependencies

Rather than reinventing the wheel, Security Monitoring for Splunk works on the premise that there are many great apps on Splunkbase that already do their job well, and it leverages those instead. You should therefore download and install the following apps before configuring Security Monitoring for Splunk.

Alert Manager App

Incident Workflows are provided by the Alert Manager app (LINK). Follow the setup instructions for this app carefully; in particular, ensure you create the 'alerts' index and check the box to write incidents to the index and KVStore. Alert Manager Link
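The 'alerts' index must exist before Alert Manager can write incidents to it. The stanza below is an added example of how to define it in indexes.conf (for instance under $SPLUNK_HOME/etc/apps/alert_manager/local/ or your own deployment app); it is not taken from the Alert Manager documentation, and the paths shown are the standard Splunk defaults, which you may change to suit your storage layout.

```ini
# Constructed example: defines the 'alerts' index that Alert Manager
# expects for incident events. Place in a local/indexes.conf and
# restart Splunk (or reload the index configuration) afterwards.
[alerts]
homePath   = $SPLUNK_DB/alerts/db
coldPath   = $SPLUNK_DB/alerts/colddb
thawedPath = $SPLUNK_DB/alerts/thaweddb
```

After the restart, confirm the index exists (for example with `| eventcount summarize=false index=alerts` or via Settings > Indexes) before enabling the "write incidents to index and KVStore" option in the Alert Manager setup page.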

Alert Manager TA

This technology add-on is a dependency for the Alert Manager app. Alert Manager TA Link

Event Timeline Viz

The event timeline visualisation is used to bring context to a number of dashboards. Event Timeline Viz Link

Parallel Coordinates App

The parallel coordinates visualisation is used in every Continuous Monitoring dashboard inside the app, to help you visualise relationships between the entities specific to each dashboard's monitoring area. Parallel Coordinates Link

URL Parser

URL Parser is the app used to parse URL paths of any kind, and much more. It is required for the Advanced Threat Detection dashboards that help you analyse URL/URI strings. URL Parser Link

Horizon Chart

Horizon Chart is a visualisation used on the System Status dashboard to show you incoming data and missing data sources. Horizon Chart Link

Security Essentials

If you want to import content from Security Essentials, you need to have that app installed.