Major update that adds several RBA-related dashboards:
- Explore Correlation Search details more effectively than using Content Management.
- Analyze Risk Factors and where they are applied.
- Visualize Risk Factor application vs rule/risk object/etc.
- Examine Correlation Search MITRE ATT&CK coverage.
Updated to support Enterprise Security >= 6.0.
Removed Extreme Search support and added MLTK support.
Several bug fixes that had been lingering for a while.
The purpose of this App is to make it much easier to explore your ES knowledge objects and get an overview of how things are configured. For example:
- Which Correlation Searches are enabled, real-time, or use Extreme Search?
- How many and which Key Indicators are accelerated?
- Which searches set risk scores and by how much?
... and much more.
Requirements: Enterprise Security >= 4.7.x. ES 4.7 and above consolidated all Correlation Search information into the savedsearches.conf file - this App relies on that functionality.