{"id":31816732,"url":"https://github.com/splunk/splunk-app-for-dspt-compliance","last_synced_at":"2025-10-11T09:58:04.936Z","repository":{"id":44089314,"uuid":"406267223","full_name":"splunk/splunk-app-for-dspt-compliance","owner":"splunk","description":"This app provide assistance in yearly compliance to the Data Security and Protection Toolkit (DSPT)","archived":false,"fork":false,"pushed_at":"2022-10-27T12:18:52.000Z","size":3665,"stargazers_count":0,"open_issues_count":0,"forks_count":3,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-04-15T02:58:41.772Z","etag":null,"topics":["app","data-security","security","splunk-addon","splunk-app","splunk-application","splunk-apps","toolkit"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/splunk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-09-14T07:25:26.000Z","updated_at":"2021-12-15T10:07:45.000Z","dependencies_parsed_at":"2023-01-20T07:47:11.124Z","dependency_job_id":null,"html_url":"https://github.com/splunk/splunk-app-for-dspt-compliance","commit_stats":null,"previous_names":[],"tags_count":15,"template":false,"template_full_name":null,"purl":"pkg:github/splunk/splunk-app-for-dspt-compliance","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-app-for-dspt-compliance","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-app-for-dspt-compliance/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-app-for-dspt-compliance/releases","manifests_url":"http
s://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-app-for-dspt-compliance/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/splunk","download_url":"https://codeload.github.com/splunk/splunk-app-for-dspt-compliance/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/splunk%2Fsplunk-app-for-dspt-compliance/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279006750,"owners_count":26084185,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["app","data-security","security","splunk-addon","splunk-app","splunk-application","splunk-apps","toolkit"],"created_at":"2025-10-11T09:57:56.090Z","updated_at":"2025-10-11T09:58:04.928Z","avatar_url":"https://github.com/splunk.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Splunk App for DSPT Compliance\nThis app has been created to assist in yearly compliance to the Data Security and Protection Toolkit (DSPT). 
\nThe DSPT Audit applies.\n\n## Features\n* Recurrent retrieval of cyber alerts from feeds to enrich data analysis\n* Dashboards to ease compliance with the DSPT for audit purposes:\n    \n    | **Dashboard Name**     | **Description**                                     |\n    |------------------------|-----------------------------------------------------|\n    | Overview               | General overview of monitored data                  |\n    | Administrator          | Audit administrator activity required for DSPT      |\n    | User                   | Audit user activity required for DSPT               |\n    | Host                   | Audit hosts required for DSPT                       |\n    | Malware                | Audit malware activity required for DSPT            |\n    | Network                | Audit \u0026 monitor network activity                    |\n    | VPN                    | Audit \u0026 monitor VPN activity                        |\n    | Cyber Alerts           | Cyber Alerts details                                |\n    | Evidence Questionnaire | Enables users to fill in the evidence questionnaire |\n\n## Getting Started\n### Requirements\n* [Splunk Common Information Model App](https://splunkbase.splunk.com/app/1621/)\n* [Lookup File Editor](https://splunkbase.splunk.com/app/1724/)\n* Accelerated Data Models:\n 1. Authentication\n 2. Change\n 3. Endpoint\n 4. Intrusion Detection\n 5. Malware\n 6. Network Sessions\n 7. Network Traffic\n 8. Web\n\nData required to fully utilise this app:\n\n* Active Directory\n* Edge Firewalls\n* Windows Event Logs\n* Windows Update Logs\n* Windows Host Mon (OS Stanza)\n* Anti Virus Logs\n* VPN Logs\n\n### Installation\nPlease refer to the [Splunk Documentation](https://docs.splunk.com/Documentation/AddOns/released/Overview/Installingadd-ons) for guidance on installing the Add-On in your environment. 
The app needs to be installed on the search head (SH) tier.\n\n#### Configure Cyber Alerts Indexing\nBy default the app comes with a pre-configured but disabled input named `main`, which fetches cyber alerts daily via the NHS REST API and stores them in the default index.\n\nFor customizations or additional feeds, from your Splunk instance Web Interface:\n* Browse to *Settings / Data Inputs*\n* Select *Splunk App for DSPT Compliance* and provide the following info:\n    * **Name** of the input\n    * **REST API** endpoint to fetch cyber alerts\n    * **Enable Checkpoint** - to align with your event duplication policy\n    * (Optional) **More settings** - to specify host, interval, index and sourcetype\n\n\u003e Dear **admins**, please enable the input first. If you decide to store cyber alerts in another index, make sure you update the macro `default_index` with a *Definition* such as `index=\u003cYOUR_INDEX\u003e`\n\n### Usage\nOnce installed, from your Splunk instance Web Interface, select the app *DSPT Compliance* and navigate through the dashboards to verify content.\n\nThe app aims to assist with DSPT assertions where IT staff are asked to regularly review certain activity types or to provide evidence against assertions. Where monitoring is required, the dashboards found within the 'Audit' drop-down can be used. 
Where evidence is required, reports can be found to facilitate the capture of the required information.\n\n#### Troubleshooting\nUseful SPL searches to:\n* Verify Cyber Alerts indexing: `index=_internal nhs_cyberalerts.py`\n* Verify the index has been populated with Cyber Alerts: `index=main`\n    \u003e Please replace `main` with the index specified in the configuration and make sure the time range is set to `All time`\n\n## Contributing\nIf you would like to contribute to this app, see [CONTRIBUTING](CONTRIBUTING.md).\n\n## References\n* [NHS Cyber Alerts API](https://digital.nhs.uk/services/data-security-centre/cyber-alerts-api/get-cyber-alerts)\n\n## Credits\nThe app has been developed by Kevin Pyart, Senior Splunk SE (UK Public Sector)\n\nFor support please contact kpyart@splunk.com\n\n## License\nhttps://www.apache.org/licenses/LICENSE-2.0.txt\n\nLicense\nCopyright 2021 Splunk Inc.\n\nLicensed under the Apache License, Version 2.0 (the \"License\"); you may not use this file except in compliance with the License. You may obtain a copy of the License at\n\nhttp://www.apache.org/licenses/LICENSE-2.0\n\nUnless required by applicable law or agreed to in writing, software distributed under the License is distributed on an \"AS IS\" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fsplunk-app-for-dspt-compliance","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsplunk%2Fsplunk-app-for-dspt-compliance","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsplunk%2Fsplunk-app-for-dspt-compliance/lists"}