Splunk Explorer Dashboard

[this is for v4.0.x of the Recorded Future App for Splunk Enterprise]

Splunk Explorer

The Splunk Explorer is a Splunk dashboard designed to help the user find different ways of correlating their data with Recorded Future Risk Lists. The dashboard uses a REST call to find all the available lookup files in the lookups folder within the Splunk App.

To use the dashboard, just follow these few steps:

  • Select among the available risk lists in the first drop down menu.
  • Select among the different sourcetypes available in the local install in the second drop down menu.
  • Select among the different fields, automatically populated after selecting the sourcetype, which one you want to use to correlate against the risk list chosen in the first drop down menu.

The different panels display different statistics. From left to right:

  • The amount of rows in the selected risk list
  • The amount of events in Splunk with the selected field and sourcetype during the last 36 hours
  • The amount of events where the field selected matches a row in the risk list
  • Table containing most frequently occurring values in the selected field and sourcetype
  • Table containing the correlated matches enriched with information from the risk list

Below is an example screenshot of the Splunk Explorer Dashboard using an IP risk list with firewall logs and the dst (destination) field within that sourcetype.

Example view of the Splunk Explorer Dashboard

Further help

Your Recorded Future Intelligence Services consultant would be happy to help you with additional questions and advice.  If you do not know who that is, you can also contact support@recordedfuture.com.

Please do not contact Splunk support about "Recorded Future for Splunk Enterprise".

Was this article helpful?
0 out of 0 found this helpful

This content is confidential. Downloading or distributing this content is in violation of your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.
Have more questions? Submit a request



Please sign in to leave a comment. Please note that your name will be displayed. If you would like to change how your name appears, please update your profile name.