When I started teaching myself Splunk and saw that you could create dashboards, I quickly became addicited and started building out as many ideas as I possibly could. The goal is to figure out how to package these into an app that can be quickly deployed and configured to any splunk instance.

The other part that inspired this was to build out a Threat Hunting envirnment for trying to detect attacks and also learning how to not get noticed when doing red team engagments.

Be sure to drop ideas and improvements! I'm still learning and would enjoy other's viewpoints!

This dashboard pulls blocked outgoing connections from a firewall source and lists how many connections are going out on which ports to easily get an idea of what machine is trying to out on what port and how many times. Clicking on the dashboard opens up Dashboard 2

This dashboard is a drilldown from dashboard 1. This is host specific allowing you to see the IPs and port that are being reached out too. It also has quick access to the raw event logs.

This dashboard monitors and checks for all logins in a Windows envirnment.

This dashboard will list out all all relevant Windows Security Events in a quick way to view.

TODO: Create a new dashboard for specific ALERTS and add drilldowns to a host based dashboard.