Last year I started building my own cyber defence app based on Splunk data models, but between time constraints and other projects it was slow going. Then this was released; I had a look and it is so good that I wanted to mention it.
It is really aimed at small to medium customers that cannot put in Splunk Enterprise Security (Splunk's SIEM application), which is an extra cost and requires careful design, installation and configuration. That said, I have implemented Splunk ES for a small number of customers that required it for ISO 27001 compliance.
So this InfoSec app provides out-of-the-box dashboards, alerts and searches that give instant value. It does require you to enable the data models, which normalise the data from multiple security log sources into the Common Information Model (CIM), but once that is in place the lights come on, and boy is it good value: it's free!
https://splunkbase.splunk.com/app/4240/
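Before opening the dashboards it is worth checking that the data models the app reads from are actually accelerated and populated, otherwise the panels simply come up empty. The search below is an added example written for this post, not something shipped with the InfoSec app; it runs `tstats` with `summariesonly=true` against a handful of the CIM data models the app's dashboards draw on (Authentication, Network_Traffic, Malware, Intrusion_Detection and Web are assumed here; extend the list to whatever your install enables) and reports which sourcetypes are feeding each one. Because `summariesonly=true` only reads the acceleration summaries, a model that is not accelerated, or whose summary has not yet been built, returns no rows at all, which is exactly the condition you want to spot.

```spl
| tstats summariesonly=true count AS events, min(_time) AS first_seen, max(_time) AS last_seen
    from datamodel=Authentication by sourcetype
| eval datamodel="Authentication"
| append
    [| tstats summariesonly=true count AS events, min(_time) AS first_seen, max(_time) AS last_seen
        from datamodel=Network_Traffic by sourcetype
     | eval datamodel="Network_Traffic"]
| append
    [| tstats summariesonly=true count AS events, min(_time) AS first_seen, max(_time) AS last_seen
        from datamodel=Malware by sourcetype
     | eval datamodel="Malware"]
| append
    [| tstats summariesonly=true count AS events, min(_time) AS first_seen, max(_time) AS last_seen
        from datamodel=Intrusion_Detection by sourcetype
     | eval datamodel="Intrusion_Detection"]
| append
    [| tstats summariesonly=true count AS events, min(_time) AS first_seen, max(_time) AS last_seen
        from datamodel=Web by sourcetype
     | eval datamodel="Web"]
| convert ctime(first_seen) ctime(last_seen)
| table datamodel sourcetype events first_seen last_seen
| sort datamodel sourcetype
```

Run it over the same time range you expect the dashboards to cover. Any model missing from the output either has no CIM-tagged events arriving (check the add-on for that log source is tagging and field-aliasing correctly) or has acceleration switched off; acceleration is enabled per model under Settings > Data models, or with `acceleration = 1` in the model's stanza in `datamodels.conf`, and the summary takes a little while to backfill after you turn it on.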
These screenshots are from my lab; you can see the various dashboards.