At a minimum, you should have data from the following security sources collected by your Splunk environment:
The following free Splunk Add-ons must be installed before you can start using InfoSec App:
The following Data Models must be accelerated:
All data used by the InfoSec App must be Common Information Model (CIM)-compliant. The easiest way to achieve that is to onboard your security data sources with the CIM-compliant Splunk Add-ons for those sources, so that the fields feeding the accelerated data models are already normalized.
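Before installing the app it is worth confirming that the required data models are actually accelerated rather than merely present, since the dashboards read from the accelerated summaries. The script below is an added example, not code from the InfoSec App or from Splunk: it parses the JSON that the Splunk REST endpoint `/services/datamodel/model?output_mode=json` returns (fetch it with curl or the Splunk SDK) and reports the required models that are missing or not accelerated. The field layout it assumes (an `acceleration` JSON string inside each entry's `content`) and the `REQUIRED` list are assumptions; the page does not name the models the app needs, so take that list from the app's documentation.

```python
"""Report which required CIM data models are not accelerated on a search head.

Added example, not part of the InfoSec App or of Splunk. Input is the JSON
body returned by GET /services/datamodel/model?output_mode=json.
"""
import json

# Placeholder names for illustration only; replace with the app's documented list.
REQUIRED = ["Authentication", "Malware"]


def accelerated_models(rest_json: str) -> dict:
    """Map data model name -> True if acceleration is enabled, else False."""
    doc = json.loads(rest_json)
    status = {}
    for entry in doc.get("entry", []):
        content = entry.get("content", {})
        # Assumption: acceleration settings arrive as a JSON string inside the JSON.
        acc = content.get("acceleration", "{}")
        if isinstance(acc, str):
            try:
                acc = json.loads(acc)
            except ValueError:
                acc = {}
        status[entry["name"]] = bool(acc.get("enabled", False))
    return status


def missing_acceleration(rest_json: str, required=None) -> list:
    """Return the required models that are absent or not accelerated, in order."""
    required = REQUIRED if required is None else required
    status = accelerated_models(rest_json)
    return [name for name in required if not status.get(name, False)]


# Constructed sample shaped like the endpoint's output (field names are assumed).
SAMPLE = json.dumps({
    "entry": [
        {"name": "Authentication",
         "content": {"acceleration": '{"enabled": true, "earliest_time": "-1y"}'}},
        {"name": "Malware",
         "content": {"acceleration": '{"enabled": false}'}},
    ]
})

if __name__ == "__main__":
    # Example run against the constructed sample: reports "not accelerated: Malware".
    for name in missing_acceleration(SAMPLE):
        print(f"not accelerated: {name}")
```

Run it against the live endpoint by saving the REST response to a file and passing its contents to `missing_acceleration`; a model reported here either needs acceleration turned on in Settings > Data models or is absent because its CIM add-on is not installed.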
WHERE TO INSTALL THE APP
The app can be installed on a standalone Splunk server, a Search Head or a Search Head Cluster. In a distributed environment do not install the app on Indexers; the app should only be installed on Search Head(s).
INFOSEC APP DOCUMENTATION
Version 1.3.2 - February 1, 2019
- search for malware indicators on the Security Posture dashboard;
- drilldowns on the Compliance dashboard;
- app package manifest schema changed to v1.0.0 for compatibility with older Splunk Cloud versions.