{"id":22180578,"url":"https://github.com/dcso/tie-splunk-app","last_synced_at":"2025-03-24T18:46:02.663Z","repository":{"id":128726037,"uuid":"171307140","full_name":"DCSO/TIE-Splunk-App","owner":"DCSO","description":"Splunk App (Dashboard) for DCSO Threat Intelligence Engine (TIE)","archived":false,"fork":false,"pushed_at":"2020-06-17T07:49:09.000Z","size":3666,"stargazers_count":2,"open_issues_count":11,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-01-29T23:29:50.859Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/DCSO.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-02-18T15:20:09.000Z","updated_at":"2024-02-14T14:28:13.000Z","dependencies_parsed_at":"2023-04-08T09:45:55.115Z","dependency_job_id":null,"html_url":"https://github.com/DCSO/TIE-Splunk-App","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DCSO%2FTIE-Splunk-App","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DCSO%2FTIE-Splunk-App/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DCSO%2FTIE-Splunk-App/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/DCSO%2FTIE-Splunk-App/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/DCSO","download_url":"https://codeload.github.com/DCSO/TIE-Splunk-App/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245331974,"owners_count":20598082,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-02T09:18:45.972Z","updated_at":"2025-03-24T18:46:02.645Z","avatar_url":"https://github.com/DCSO.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"DCSO Threat Intelligence Engine (TIE) App for Splunk\n====================================================\n\nCopyright (c) 2015, 2020, DCSO Deutsche Cyber-Sicherheitsorganisation GmbH\n\nSplunk App (Dashboard) for DCSO Threat Intelligence Engine (TIE).\n\n\n# Prerequisites and Installation\n\n* Python v3.7 or greater\n* Splunk Enterprise 8 or greater\n* DCSO TIE (legacy) or Portal API token (with Pingback permission)\n* Connection from your Splunk instance(s) to https://tie.dcso.de:443 (check your firewall setup)\n\n## Installation\n\nYou can install the DCSO TIE App within the Splunk Enterprise Web interface:\n\n1. click on the `splunk\u003eenterprise`-logo\n2. click on the wheel next to 'Apps'\n3. click 'Install app from file'\n4. choose the file by navigating to the folder on your local machine that contains a file named like `DCSO_TIE_Splunk_App2-2.0.0b1.zip`\n5. if you are upgrading, make sure to check 'Upgrade app'\n6. click 'Upload'\n\nYou can also install the app through the Splunk CLI (Command Line Interface):\n\n```\n${SPLUNK_HOME}/bin/splunk install app DCSO_TIE_Splunk_App2-2.0.0b1.zip\n```\n\n# Configuration\n\nAfter installation, the app needs to be configured.\n\n## Splunk App Setup Page\n\nAfter installation you must set up the app or add-on.\n\nImportant: when a configuration is not correct, it is stored anyway, but an error appears in the Splunk Web tool.\nThis error, however, does not tell you exactly what is wrong. You have to open the log file (see below) to\nfind out what exactly is wrong.\n\nAn API or Machine Token is required to access the Threat Intelligence Engine (TIE). Both the legacy\ntoken created through `tie.dcso.de` and the newer tokens created through `portal.dcso.de` are supported.\nIf you have any questions about this Token, please contact DCSO (see below).\n\nA few more details about the configuration:\n\n* **API Token**: either a legacy tie.dcso.de token, or a new one created through the DCSO Portal.\n\n\n## Pingback\n\nPingback is a function to report observations of the given IoCs. Only the timestamp, count per second, data type and value are transferred.\n\n## CIM Datamodels\n\nFor a working retro hunt, please enable/accelerate the CIM datamodels \"Web\" and \"Network Traffic\".\n\n# Usage\n\n## Logging\n\nThis app logs errors, warnings, and other informative messages to a separate log file within\nthe folder `${SPLUNK_HOME}/var/log/splunk`. The file is called `dcso_tie.log` and is rotated 6 times.\n\nThe entries in this log file are stored, when executed by Splunk, as JSON. This makes it ready to be\nmonitored by Splunk itself.\n\n# Contact\n\n* Email: ti-support [a] dcso.de\n* Website: https://dcso.de\n\n# Development \u0026 Deployment\n\n## Deployment\n\nThe app can be packaged using the normal `distutils` command. However, for Splunk we need\nto adapt it a bit so that it is easy to create, deploy and install.\n\n### For Splunk\n\nThis app has its own `distutils` command called `splunkdist`:\n\n```shell\n$ python setup.py splunkdist --format=zip\n```\n\nThe above command creates a ZIP archive in the folder `dist/`. The file name contains both the\nmajor and the full version of this app. The folder it unpacks to carries only the\nmajor version, for example:\n\n```\n$ python setup.py splunkdist --format=zip\n\n# creates:\ndist/DCSO_TIE_Splunk_App2-2.0.0b1.zip\n\n$ unzip -l dist/DCSO_TIE_Splunk_App2-2.0.0b6.zip\nArchive:  dist/DCSO_TIE_Splunk_App2-2.0.0b6.zip\n  Length      Date    Time    Name\n---------  ---------- -----   ----\n        0  05-26-2020 13:36   DCSO_TIE_App2/\n        0  05-26-2020 13:36   DCSO_TIE_App2/bin/\n        0  05-26-2020 13:36   DCSO_TIE_App2/default/\n        0  05-26-2020 13:36   DCSO_TIE_App2/static/\n...\n```\n\n# License\n\nSee LICENSE file included in the repository.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdcso%2Ftie-splunk-app","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdcso%2Ftie-splunk-app","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdcso%2Ftie-splunk-app/lists"}