Optiv Decept System is a Splunk App that monitors for unauthorized and/or malicious activity on your organization’s network. By placing several honeypots that listen on many ports at strategic locations, we can detect early stage attacks. The app can provide increased visibility to potentially malicious activity going on in the organization.
Optiv Decept System is the app, installed on the search head(s), which visualizes the data collected. Optiv_TA_decept is the honeypot which is installed on a standalone honeypot server that listens for network traffic. Both apps are required.
Support is provided as a best effort basis. For best results post on Splunk Answers.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. See http://www.gnu.org/licenses/
*Minor dashboard improvements
Minor dashboard enhancements.
Improvements to the main dashboard
Extra saved searches, including email alerts (commented out)
Updated app in preparation for app certification.
* Improved splash screen dashboard
Updated app in preparation for app certification.
Added README.txt
Got rid of deprecated dashboard view options
Added a pie chart for protocol
Removed indexes.conf
Added more known port numbers
Commented out savedsearches.conf
Fixed an issue with the audit dashboard.
1.00 release.
As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps from Splunk, our partners and our community. Find an app for most any data source and user need, or simply create your own with help from our developer portal.