Refer to https://cyences.com/ for documentation of the App.
GitHub repo of the App: https://github.com/CrossRealms/Splunk-Cyences-App-for-Splunk
By default, the Cyences app provides a multitude of alerts and dashboards in the following categories:
* Active Directory / Azure Active Directory
* Linux / Unix
* Windows
* Windows Patch
* Sysmon
* Antivirus / Antimalware
  * CrowdStrike
  * Kaspersky
  * Office 365 Defender ATP
  * Sophos Endpoint Protection
  * Windows Defender
* Authentication
* Cloud Tenancies
  * Amazon Web Services
  * Google Workspace
  * Microsoft Office 365
  * Microsoft Azure Graph Security Score
* DNS Tracker
* Email
  * Microsoft Office 365
  * Google Workspace
* Lansweeper
* Databases
  * MSSQL
  * Oracle
* Network Devices
  * Cisco IOS
  * Fortinet FortiGate
  * Palo Alto Networks
  * Sophos Firewall
* Ransomware
* Cisco Meraki
* VPN
  * Cisco Anyconnect
  * Fortinet FortiGate
  * GlobalProtect (Palo Alto)
* Vulnerability
  * CrowdStrike Spotlight
  * Qualys
  * Tenable
  * Nessus Professional
Apart from alerts and dashboards, the Cyences App also integrates with some other well-known tools to create important dashboards that add intelligence to your security investigation and auditing processes:
* Intelligence
  * Device Inventory Table
  * User Inventory Table
  * Globally Detected Malicious IPs
See Documentation for full release notes and upgrade guide.
https://crossrealms.github.io/Splunk-Cyences-App-for-Splunk/release_notes/
https://vatsaljagani.github.io/Splunk-Cyences-App-for-Splunk/release_notes/
See Documentation for release notes.
See Documentation for release notes and upgrade guide. Make sure to visit the release notes and upgrade guide before you upgrade the App.
See Documentation for release notes and upgrade guide. See the link to the documentation page on the details page.
See the Details page for release notes and upgrade guide.
Version 1.0.0 (Nov 2020)
* Created App Overview dashboard.
* Added Details/Forensic dashboard for investigating security issues.
* Added multiple security alerts in the following categories:
  * Ransomware, Active Directory & Windows, Office 365, Endpoint Compromise, Network Compromise, Credential Compromise, Sophos and Palo Alto Firewall.
* Added the following reports:
  * Active Directory & Windows
  * O365
  * Network Reports
  * Palo Alto
  * Globally Detected Malicious IPs
  * Sophos
  * VPN
  * Authentication
* Added App configuration dashboard.
* Added HoneyDB based blocked IP list and used that list to identify bad traffic.