SA-RBA (DEPRECATED)

This reference app is no longer supported but fear not, RBA is still thriving. The mechanics detailed in this app are now built into Splunk Enterprise Security and fully supported as of version 6.6.

The Investigative dashboards that are shown off in the Splunk RBA demo are an often-requested artifact, and I posted them here: https://github.com/apger/RBA-ES6.6-Demo-Dashboards

Dependencies

URL Toolbox: https://splunkbase.splunk.com/app/2734/

Semicircle Donut Chart Viz: https://splunkbase.splunk.com/app/4378/

Network Diagram Viz: https://splunkbase.splunk.com/app/4438/

Sankey Diagram - Custom Visualization: https://splunkbase.splunk.com/app/3112/

Event Timeline Viz: https://splunkbase.splunk.com/app/4370/

Note on proxy usage

azerty728 correctly pointed out in one of the previous issues that the genmitrelookup script runs just fine through a locally configured proxy when a single line (import os) is added to the underlying Python script. That fix has been added and tested against the Splunk best practices for configuring a proxy: https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/ConfigureSplunkforproxy or https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf.

About

Risk Based Alerting Supporting Add-On (SA) for Splunk
