Skip to content

apger/SA-RBA

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

SA-RBA (DEPRECATED)

This reference app is no longer supported but fear not, RBA is still thriving. The mechanics detailed in this app are now built into Splunk Enterprise Security and fully supported as of version 6.6.

The Investigative dashboards that are shown off in the Splunk RBA demo are an often requested artifact and I posted them here: https://github.com/apger/RBA-ES6.6-Demo-Dashboards

Dependencies

URL Toolbox: https://splunkbase.splunk.com/app/2734/

Semicircle Donut Chart Viz: https://splunkbase.splunk.com/app/4378/

Network Diagram Viz: https://splunkbase.splunk.com/app/4438/

Sankey Diagram - Custom Visualization: https://splunkbase.splunk.com/app/3112/

Event Timeline Viz: https://splunkbase.splunk.com/app/4370/

Note on proxy usage

azerty728 correctly pointed out in one of the previous issues that the genmitrelookup script runs just fine through a locally configured proxy when a single line (import os) is added to the underlying python script. That fix has been added and tested against these Splunk best practice for configuring a proxy: https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/ConfigureSplunkforproxy OR https://docs.splunk.com/Documentation/Splunk/8.0.6/Admin/Serverconf.

About

Risk Based Alerting Supporting Add-On (SA) for Splunk

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages