The Application has a setup section built into the app that walks you through setting up the data output on your Verizon FiOS Router. Additional information can be found at http://amiracle19.blogspot.com . Please refer to this site for updates and topic discussions about the Home Monitor App.
Thanks,
Kam
Enhancement:
Added support for timechart in overview dashboard to show changes in time for each metric.
Changed IP info to ipinfo.io.
Fixes:
Setup.xml and the REST endpoint for the Windows bandwidth input.
Updates :
Added new setup page for easier on-boarding of data.
Updated some of the descriptions on the overview dashboards.
Updated the logo.
Updated inputs.conf for Windows entry on Bandwidth input.
Edited README.md to update version from 4.4.1 to 4.4.2
Fixed missing OR statement in macros.conf file.
Updates:
Created new Map dashboard using new mapping visualizations in Splunk.
Added Bandwidth scripts for Windows and *NIX.
Added Bandwidth overview dashboard with workflow.
Updated Tours with new images.
Fixes :
Typos and other formatting issues in Home Monitor Overview page.
Enhancements
- Added IPv6 support for pfSense
- Added new Bandwidth dashboard
- Added Speed Test scripts to get average Upload, Download and Pings
- Cleaned up overview Dashboard
Fixes:
Setup Tour corrected the URL
Updates:
Removed Setup and changed it to Help!
Added sub categories for helping with setting up FiOS, pfsense and stream.
Also corrected an issue with https not going to the site in the frame.
Added root blog site.
Added GitHub Repo.
Added Splunk Answers link that takes users directly to the Home Monitor page.
New Feature:
Created link to shodan.io to see if users have known vulnerabilities to their current IP
Started working on searches to help see if users have vulnerable devices on their networks.
Version 4.2.3 Update
Added tomato and quantum modem sourcetypes.
Fixed direction extraction for Asus, openwrt and quantum router in props.conf.
Made minor changes to UI (validated workflows.)
Added Lookup entry for Quantum Modem.
(Version 4.2.2 is available on GitHub, all the changes there are reflected on this release.)
Fixes :
Fixed the setup and user tours.
props.conf for fios and pfsense.
Corrected the size of the logos.
Updates:
Added new domain extraction and ports scanned in Blocked Traffic Dashboard.
Added direction field to asus and openwrt sourcetypes.
New version 4.2.0
- Added support for Splunk Stream and enhanced workflow actions
- Added tours to walk through features in the app
- Created new dashboards with better visualizations
- Easier setup for the app, with a guided setup of the data input
By default, this system looks at the DNS name of your modem, router or firewall and tries to determine the sourcetype based on the hostname. For example, if your router was called "netgear.mynetwork.com," then by default this app would apply the sourcetype "netgear" to your data input.
However, if your device's hostname has no mention of the brand, then you can set the sourcetype when setting up this app initially. Please reference the Troubleshooting link under the Setup dropdown.
This app does REQUIRE Splunk Stream and a SPAN port for some of the dashboards. Splunk 6.3 is recommended for the dashboard visualizations.
Added OpenVPN Dashboard and field extractions
Added Field for internal network addresses
Updated field extractions for pfsense 2.2.2 firewall
Modified logic behind search for Intrusion dashboard
Modified search for Tag Cloud dashboard
Bug fixes, modified props.conf for added fields for both FiOS and pfSense
Added D3 visualizations for Splunk Stream data
Removed old dashboards and reports that were no longer being used
Updated logo and icon images
3.2.1 has some very minor bug fixes for the Detective Dashboard.
Added support for pfSense 2.2.1+
Modified fios sourcetype to help with issues customers had with dashboards
Created workflow for basic troubleshooting and understanding of your network
Modifications:
Added Mikro-Tik firewall sourcetype
Fixes:
Fixed the missing lookups when running a search in the search app.
Tested on fresh install and upgrade of Home Monitor App (From 3.1.1 to 3.1.2).
A couple of bug fixes and added support for Linksys routers.
Quick Notes:
1) Data Input - When onboarding your data source, you'll need to first enable the Data Input and then decide if you want Splunk to automatically sourcetype your data based on your router's hostname. You can also manually change the sourcetype to fios, asus, pfsense, netgear or skyhub.
2) Lookup - The lookup, action_lookup.csv, is meant to help normalize the action of the firewall so that all the dashboards will populate regardless of what router you have.
3) New updated dashboards - I've gone through and vetted all the dashboards to make sure they make some logical sense. I stopped using the 'process' field since it did not exist in all the routers' syslog data. Instead, I determined that outbound connections were initiated by src_ip = 192.168. and inbound connections were initiated by NOT src_ip=192.168.
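The hostname-based sourcetype guess and the src_ip direction rule from the notes above, as an added Python sketch that is not the app's own code. It goes beyond the 192.168. prefix by testing the other private ranges and IPv6 ULA, and adds an "internal" label; the function names, the `LOCAL_NETS` list and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Sourcetypes named in the notes above.
KNOWN_SOURCETYPES = ("fios", "asus", "pfsense", "netgear", "skyhub")

# Assumption: the home LAN uses RFC 1918 space or IPv6 ULA; list your own subnets.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def sourcetype_from_host(hostname):
    """Return the brand found in the hostname, or None (set it manually)."""
    host = hostname.lower()
    for st in KNOWN_SOURCETYPES:
        if st in host:
            return st
    return None

def direction_prefix_rule(src_ip):
    """The rule as written in the notes: a 192.168. source means outbound."""
    return "outbound" if src_ip.startswith("192.168.") else "inbound"

def is_local(ip):
    """True/False for a parseable address, None for a malformed field."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return None
    return any(addr in net for net in LOCAL_NETS if net.version == addr.version)

def direction(src_ip, dest_ip):
    """CIDR-based variant of the same rule, with LAN-to-LAN split out."""
    src, dst = is_local(src_ip), is_local(dest_ip)
    if src is None or dst is None:
        return "unknown"      # extraction failed; do not guess
    if src and dst:
        return "internal"     # both ends on the LAN
    return "outbound" if src else "inbound"

# Constructed sample (src_ip, dest_ip) pairs; documentation-range addresses.
SAMPLE = [("192.168.1.20", "198.51.100.9"), ("10.0.0.5", "198.51.100.9"),
          ("203.0.113.7", "192.168.1.1"), ("fd00::10", "2001:db8::1")]

if __name__ == "__main__":
    print(sourcetype_from_host("netgear.mynetwork.com"))
    for src, dst in SAMPLE:
        print(src, dst, direction_prefix_rule(src), direction(src, dst))
```

A LAN numbered in 10.x or 172.16.x is labelled inbound by the prefix rule, so dashboards built on it would count that home's own outbound traffic as inbound.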
Modified UDP inputs from syslog to fios.
Modified search strings to include index and sourcetype.
Validated that all dashboards properly populate using Verizon FiOS router.
New release which has some minor bug fixes and adds the functionality of changing the sourcetype for each dashboard.
Traffic Trends - Total events was actually Average Events per hour
Transforms.conf and Props.conf were both updated to include data from Asus and pfsense firewalls.
Pivot - This now has some sample Pivot events, this is geared for FiOS users only at this point.
Had some issues with permissions from my local system. The issues have been resolved and this has been tested to work.
Minor fix to the indexes.conf file that creates the homemonitor index.
This version is another collection of bug fixes and validates that all the configuration files are in the default directory (not the local directory) as well as adds the old traffic_trends view. This release also creates the sourcetype "fios" which will be used for all the fios routers and can allow me to add other source types per the request from the community.
Updates:
Added setup instructions to get the firewall to log events to syslog.
Fixed the missing router configuration saved searches (permissions issue).
Added new field extractions for connection states and validated that they were shared throughout the app.
Currently in the process of building Technology Addons for additional routers / firewalls. Please send sample inputs if you would like them included in the TA.
Added the Configuration and Network diagram for setting up the Home Monitor App. Also, added the lookup tables for the default ports. Fixed some minor issues with the maps view and had to remove the particles page since it no longer worked with Splunk 5.x.
Made a minor change in the app.conf file, from 2.o to 2.0.1
Version 2.0 adds new field extractions that break out the source IP and port along with the destination IP and port. The new version adds the duration dashboard, which allows you to see how long certain ports were being logged into as well as from what IPs.
Added source ports plus modified the lookups to use SANS.
Creates the necessary index for the app.
Modified dashboards included sparklines
Added Location Lookups
Added new visualization using the Splunk Viz app (http://splunk-base.splunk.com/apps/22362/viz-for-splunk) along with a new Traffic Flow Dashboard. Lastly, I added a new event type for the maps view, let me know if you have any issues with it.