be sure to star and follow this project if you like it. By doing so it lets me know which of my works people enjoy the most so development can be prioritized

Dashboards

When I started teaching myself Splunk and saw that you could create dashboards, I quickly became addicited and started building out as many ideas as I possibly could. The goal is to figure out how to package these into an app that can be quickly deployed and configured to any splunk instance.

The other part that inspired this was to build out a Threat Hunting envirnment for trying to detect attacks and also learning how to not get noticed when doing red team engagments.

Be sure to drop ideas and improvements! I'm still learning and would enjoy other's viewpoints!

TODO: Add colors across all dashboards
TODO: Standardize naming of fields
TODO: Add summary of what each dashboard does
TODO: List configuration settings and requirements on hosts such as index, sourcetype, source

Windows

Configuration

Dashboards

User Windows Security Overview [MAIN]

2020_09_22_06_11_24_Truvis_User_Windows_Security_Overview_MAIN_Splunk_8 0 5

Host Windows Security Overview [MAIN]

2020_09_22_06_13_32_Truvis_Host_Windows_Security_Overview_MAIN_Splunk_8 0 5

Linux

Configuration

Uses a custom history configuration on the host machines
Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Linux_History

Dashboards

User Linux Security Overview [MAIN]

2020_09_22_05_54_26_What_is_Penetration_Testing_Step_By_Step_Process_Methods_Imperva

Host Linux Security Overview [MAIN]

TODO: Update to use the new linux history TA to get src_ip 2020_09_22_06_06_47_What_is_Penetration_Testing_Step_By_Step_Process_Methods_Imperva

Host Linux Dashboard by ENDPOINT [SUB]

TODO: Still under development and needs to be update to pull from new sources 2020_09_22_06_07_52_Truvis_Host_Linux_Dashboard_by_ENDPOINT_SUB_Splunk_8 0 5

Suricata

Configuration

Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Suricata5
Uses a server configured with port mirror running suricata*

Dashboards

Suricata Network Overview [MAIN]

TODO: Add the ability to exclude in filter 2020_09_22_06_15_56_What_is_Penetration_Testing_Step_By_Step_Process_Methods_Imperva

Suricata Host Overview [SUB]

TODO: Needs HOST input added for host control 2020_09_22_06_17_09_Truvis_Suricata_Host_Overview_SUB_Splunk_8 0 5

Suricata Categories Overview [SUB]

2020_09_22_06_18_25_Truvis_Suricata_Categories_Overview_SUB_Splunk_8 0 5

Suricata Signature Overview [SUB]

2020_09_22_06_19_14_Truvis_Suricata_Signature_Overview_SUB_Splunk_8 0 5

Network

Configuration

Dashboards

Network Intelligence Overview [MAIN]

TODO: Need threatintel list for refference 2020_09_22_06_20_59_Truvis_Network_Intelligence_Overview_MAIN_Splunk_8 0 5

Network Intelligence by ENDPOINT [SUB]

TODO: Need threatintel list for refference 2020_09_22_06_22_06_Truvis_Network_Intelligence_by_ENDPOINT_SUB_Splunk_8 0 5

Blocked Out Going Connections BY IP [MAIN]

2020_09_22_06_23_31_Truvis_Blocked_Out_Going_Connections_BY_IP_MAIN_Splunk_8 0 5

Blocked Out Going Connections by ENDPOINT [SUB]

TODO: Needs host control 2020_09_22_06_24_54_Truvis_Blocked_Out_Going_Connections_by_ENDPOINT_SUB_Splunk_8 0 5

Threat Hutning

Configuration

Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Suricata5
Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Linux_History
Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Opnsense-20.1.X
Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Zeek
Uses a server configured with port mirror running suricata/zeek*
TODO: Breakout the bigger dashes to subs based on services for example

Dashboards

Truvis-Threat Intelligence Windows Accounts [MAIN]

2020-10-17 12_34_22-Truvis-Threat Intelligence Windows Accounts MAIN _ Splunk 8 0 5

Truvis-Threat Intelligence Network [MAIN]

2020-10-17 12_33_38-root@splunk_~

Zeek

Configuration

Uses PLUGIN https://github.com/Truvis/Splunk_TA_Truvis_Zeek
Uses a server configured with port mirror running zeek*

SplunkDashboards
SplunkDashboards copied to clipboard

Metadata

Dashboards

Windows

Configuration

Dashboards

User Windows Security Overview [MAIN]

Host Windows Security Overview [MAIN]

Linux

Configuration

Dashboards

User Linux Security Overview [MAIN]

Host Linux Security Overview [MAIN]

Host Linux Dashboard by ENDPOINT [SUB]

Suricata

Configuration

Dashboards

Suricata Network Overview [MAIN]

Suricata Host Overview [SUB]

Suricata Categories Overview [SUB]

Suricata Signature Overview [SUB]

Network

Configuration

Dashboards

Network Intelligence Overview [MAIN]

Network Intelligence by ENDPOINT [SUB]

Blocked Out Going Connections BY IP [MAIN]

Blocked Out Going Connections by ENDPOINT [SUB]

Threat Hutning

Configuration

Dashboards

Truvis-Threat Intelligence Windows Accounts [MAIN]

Truvis-Threat Intelligence Network [MAIN]

Zeek

Configuration

Dashboards

← Metadata

Owner

Metadata

SplunkDashboards SplunkDashboards copied to clipboard

Metadata

Dashboards

Windows

Configuration

Dashboards

User Windows Security Overview [MAIN]

Host Windows Security Overview [MAIN]

Linux

Configuration

Dashboards

User Linux Security Overview [MAIN]

Host Linux Security Overview [MAIN]

Host Linux Dashboard by ENDPOINT [SUB]

Suricata

Configuration

Dashboards

Suricata Network Overview [MAIN]

Suricata Host Overview [SUB]

Suricata Categories Overview [SUB]

Suricata Signature Overview [SUB]

Network

Configuration

Dashboards

Network Intelligence Overview [MAIN]

Network Intelligence by ENDPOINT [SUB]

Blocked Out Going Connections BY IP [MAIN]

Blocked Out Going Connections by ENDPOINT [SUB]

Threat Hutning

Configuration

Dashboards

Truvis-Threat Intelligence Windows Accounts [MAIN]

Truvis-Threat Intelligence Network [MAIN]

Zeek

Configuration

Dashboards

← Metadata

Owner

Metadata

SplunkDashboards
SplunkDashboards copied to clipboard