be sure to star and follow this project if you like it. By doing so it lets me know which of my works people enjoy the most so development can be prioritized

Dashboards

When I started teaching myself Splunk and saw that you could create dashboards, I quickly became addicited and started building out as many ideas as I possibly could. The goal is to figure out how to package these into an app that can be quickly deployed and configured to any splunk instance.

The other part that inspired this was to build out a Threat Hunting envirnment for trying to detect attacks and also learning how to not get noticed when doing red team engagments.

Be sure to drop ideas and improvements! I'm still learning and would enjoy other's viewpoints!

• TODO: Add colors across all dashboards
• TODO: Standardize naming of fields
• TODO: Add summary of what each dashboard does
• TODO: List configuration settings and requirements on hosts such as index, sourcetype, source

Windows

Configuration

Dashboards

User Windows Security Overview [MAIN]

Host Windows Security Overview [MAIN]

Linux

Configuration

• Uses a custom history configuration on the host machines
• Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Linux_History

Dashboards

User Linux Security Overview [MAIN]

Host Linux Security Overview [MAIN]

TODO: Update to use the new linux history TA to get src_ip

Host Linux Dashboard by ENDPOINT [SUB]

TODO: Still under development and needs to be update to pull from new sources

Suricata

Configuration

• Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Suricata5
• Uses a server configured with port mirror running suricata*

Dashboards

Suricata Network Overview [MAIN]

TODO: Add the ability to exclude in filter

Suricata Host Overview [SUB]

TODO: Needs HOST input added for host control

Suricata Categories Overview [SUB]

Suricata Signature Overview [SUB]

Network

Configuration

Dashboards

Network Intelligence Overview [MAIN]

TODO: Need threatintel list for refference

Network Intelligence by ENDPOINT [SUB]

TODO: Need threatintel list for refference

Blocked Out Going Connections BY IP [MAIN]

Blocked Out Going Connections by ENDPOINT [SUB]

TODO: Needs host control

Threat Hutning

Configuration

• Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Suricata5
• Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Linux_History
• Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Opnsense-20.1.X
• Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Zeek
• Uses a server configured with port mirror running suricata/zeek*
• TODO: Breakout the bigger dashes to subs based on services for example

Dashboards

Truvis-Threat Intelligence Windows Accounts [MAIN]

Truvis-Threat Intelligence Network [MAIN]

Zeek

Configuration

• Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Zeek
• Uses a server configured with port mirror running zeek*

Dashboards