The ThreatDown Visibility and Dashboards app provides custom Splunk searches and dashboards for Nebula endpoint data. This app provides a visual experience for Nebula users. Dashboards have been optimized for fast performance and contain custom drill-downs.
Download ThreatDown Visibility and Dashboards app
To download the ThreatDown Visibility and Dashboards app:
- Go to the ThreatDown Visibility and Dashboards page in Splunkbase.
- Click on LOGIN TO DOWNLOAD. If already logged into Splunkbase, click on DOWNLOAD.
- Enter your Splunk user credentials.
Install Visibility and Dashboards app
Where you install the Nebula app is based on your Splunk environment.
Splunk Enterprise Single Instance Environments
Install the Visibility and Dashboards app in the same location where the Splunk components, Search Tier, Indexer Tier, and Forwarder Tier are located. For instructions on installing add-on in a single instance environments, refer to Splunk's support article Install an add-on in a single-instance Splunk Enterprise deployment.
Splunk Enterprise Distributed Environments
Install the Visibility and Dashboards app where your Search Tier is located. For instructions on installing an add-on in a distributed Splunk Enterprise environment, refer to Splunk's support article Install an add-on in a distributed Splunk Enterprise deployment.
View Splunk dashboards
Click each tab to view Splunk dashboards showing Nebula information. Filter your dashboards by selecting the dropdowns Make your time and an Index to search from the dropdown options.
Save time and index selections by choosing Save Selected Inputs on the top right.
Overview dashboard
The overview Dashboard shows Endpoint details, Detection and Quarantined items, Suspicious Activities, Audit Events, and Alerts.
Endpoints dashboard
Endpoints Lite dashboard
Detections dashboard
Suspicious Activity dashboard
Audit events dashboard
Alerts dashboard
Vulnerabilities dashboard
OS Patches dashboard
Device Control dashboard
Return to the Nebula integration with Splunk guide.