Skip to content
This repository has been archived by the owner on Sep 27, 2023. It is now read-only.

mandiant/DFUR-Splunk-App

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits

LICENSE

LICENSE

 
 

README.md

README.md

 
 

dfur-1.0.0.tar.gz

dfur-1.0.0.tar.gz

 
 

Repository files navigation

DFUR-Splunk-App

This repo contains the "DFUR" Splunk application and pre-indexed data referenced in the 2020 SANS DFIR Summit presentation "Captain's Log: Take your application log analysis from Starfleet to Star Fleek" by David Pany and Ryan Tomcik. Get started by installing the application in Splunk and opening up the "DFUR Monitoring" dashboard. Or strip it for parts. Either way, enjoy!

Questions / Comments

Twitter: @heferyzan

Splunk Requirements

App / Add-on Download Notes
Splunk Enterprise / Free http://www.splunk.com
Haversine https://splunkbase.splunk.com/app/936/ If the Haversine application can't be uploaded through the Splunk UI, then extract the file contents to $SPLUNK_HOME/etc/apps
ASN Lookup Generator https://splunkbase.splunk.com/app/3531/ Requires the asngen command to be executed to populate the asn lookup

About

The "DFUR" Splunk application and data that was presented at the 2020 SANS DFIR Summit.

Topics

log-analysis incident-response splunk-application

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

12 stars

Watchers

4 watching

Forks

15 forks
Report repository

Releases

No releases published

Packages

No packages published