The purpose of the app is to show how much of the MITRE ATT&CK techniques and tactics your environment covers, helping the SOC direct its efforts to the areas that are less covered.
For the application to work fully, you must install "Splunk Common Information Model (CIM)".
Add an alert on the dashboard:
Example of the completed panel:
Example of the triggered alerts panel:
Alerts priority panel:
If you don't want to use the demo alerts used in the example, just rename the file "default/savedsearches.conf" to "default/savedsearches.conf.old".
Note: By default, alerts are summarized into the "summary" index, but you can change this to the index you want in the app's settings.
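To make the coverage idea concrete, here is an added example (not code from this app or from Splunk) that reads saved-search stanzas, takes the ATT&CK technique IDs each enabled alert is annotated with, and counts how many distinct techniques cover each tactic. The `savedsearches.conf` content, the technique-to-tactic table and the use of the `action.correlationsearch.annotations` key are all assumptions constructed for the illustration; the app's own mapping may differ.

```python
import configparser
import json
from collections import defaultdict

# Constructed sample savedsearches.conf (assumption for illustration; not this app's file).
# Storing ATT&CK technique IDs as JSON under action.correlationsearch.annotations follows the
# Splunk ES convention; whether this app reads that key is an assumption.
SAMPLE_CONF = """
[Brute Force Logins]
search = index=main sourcetype=linux_secure "Failed password" | stats count by src
action.correlationsearch.annotations = {"mitre_attack": ["T1110"]}
disabled = 0

[Suspicious PowerShell]
search = index=wineventlog EventCode=4104 | stats count by host
action.correlationsearch.annotations = {"mitre_attack": ["T1059.001"]}
disabled = 0

[Old Demo Alert]
search = index=main | head 1
action.correlationsearch.annotations = {"mitre_attack": ["T1566"]}
disabled = 1
"""

# The 14 Enterprise ATT&CK tactics; tactics with no enabled alert are the gaps to report.
ALL_TACTICS = [
    "Reconnaissance", "Resource Development", "Initial Access", "Execution",
    "Persistence", "Privilege Escalation", "Defense Evasion", "Credential Access",
    "Discovery", "Lateral Movement", "Collection", "Command and Control",
    "Exfiltration", "Impact",
]

# Constructed technique -> tactic lookup (a tiny slice of ATT&CK, one tactic per technique).
TECHNIQUE_TACTIC = {
    "T1110": "Credential Access",   # Brute Force
    "T1059.001": "Execution",       # PowerShell
    "T1566": "Initial Access",      # Phishing
}


def parse_alert_techniques(conf_text):
    """Return {alert name: [technique ids]} for every stanza that is not disabled."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    alerts = {}
    for name in parser.sections():
        stanza = parser[name]
        if stanza.get("disabled", "0").strip() == "1":
            continue  # a disabled search contributes no coverage
        raw = stanza.get("action.correlationsearch.annotations", "{}")
        techniques = json.loads(raw).get("mitre_attack", [])
        alerts[name] = list(techniques)
    return alerts


def tactic_coverage(alert_techniques, technique_tactic=TECHNIQUE_TACTIC):
    """Count distinct covered techniques per tactic; every tactic is present, possibly with 0."""
    covered = defaultdict(set)
    for techniques in alert_techniques.values():
        for tid in techniques:
            tactic = technique_tactic.get(tid)
            if tactic is not None:
                covered[tactic].add(tid)
    return {tactic: len(covered[tactic]) for tactic in ALL_TACTICS}


def uncovered_tactics(coverage):
    """Tactics with zero enabled alerts, i.e. where the SOC should invest next."""
    return [tactic for tactic in ALL_TACTICS if coverage[tactic] == 0]


if __name__ == "__main__":
    cov = tactic_coverage(parse_alert_techniques(SAMPLE_CONF))
    for tactic, n in cov.items():
        print(f"{tactic:22s} {n}")
    print("uncovered:", ", ".join(uncovered_tactics(cov)))
```

Because the disabled demo alert is skipped, "Initial Access" shows up as uncovered even though a stanza references T1566; that mirrors what happens after you move `savedsearches.conf` aside as described above.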