Collection of Dashboards for Threat Hunting and more!

Truvis/SplunkDashboards

Be sure to star and follow this project if you like it. Doing so lets me know which of my works people enjoy the most, so development can be prioritized.

Dashboards

When I started teaching myself Splunk and saw that you could create dashboards, I quickly became addicted and started building out as many ideas as I possibly could. The goal is to figure out how to package these into an app that can be quickly deployed and configured on any Splunk instance.

The other part that inspired this was building out a threat hunting environment for trying to detect attacks, and also learning how to avoid getting noticed when doing red team engagements.

Be sure to drop ideas and improvements! I'm still learning and would enjoy others' viewpoints!

  • TODO: Add colors across all dashboards
  • TODO: Standardize naming of fields
  • TODO: Add summary of what each dashboard does
  • TODO: List configuration settings and requirements on hosts such as index, sourcetype, source

Windows

Configuration

Dashboards

User Windows Security Overview [MAIN]

Host Windows Security Overview [MAIN]

Linux

Configuration

Dashboards

User Linux Security Overview [MAIN]

Host Linux Security Overview [MAIN]

TODO: Update to use the new Linux history TA to get src_ip

Host Linux Dashboard by ENDPOINT [SUB]

TODO: Still under development and needs to be updated to pull from new sources

Suricata

Configuration

Dashboards

Suricata Network Overview [MAIN]

TODO: Add the ability to exclude in filter

Suricata Host Overview [SUB]

TODO: Needs HOST input added for host control

Suricata Categories Overview [SUB]

Suricata Signature Overview [SUB]

Network

Configuration

Dashboards

Network Intelligence Overview [MAIN]

TODO: Need threat intel list for reference

Network Intelligence by ENDPOINT [SUB]

TODO: Need threat intel list for reference

Blocked Out Going Connections BY IP [MAIN]

Blocked Out Going Connections by ENDPOINT [SUB]

TODO: Needs host control

Threat Hunting

Configuration

Dashboards

Truvis-Threat Intelligence Windows Accounts [MAIN]

Truvis-Threat Intelligence Network [MAIN]

Zeek

Configuration

Dashboards