Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[DPDV-2925] renamed example dashboard and updated TA's readme file #85

Merged
merged 7 commits into from
Sep 22, 2023
Merged

[DPDV-2925] renamed example dashboard and updated TA's readme file #85

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
f370c51
Added/updated dashboards and updated the readme
tmartin-s1 Sep 19, 2023
7aab32d
removed drilldowns
tmartin-s1 Sep 19, 2023
43a17a7
Update soc_search_examples.xml
mike-mcgrail Sep 19, 2023
af53b7e
Updated Label and icons to S1 branding
tmartin-s1 Sep 20, 2023
91ce67f
Merge branch 'main' into tmartin-updates
mike-mcgrail Sep 20, 2023
4708448
rename dashboard and update TA's readme.
tmartin-s1 Sep 22, 2023
e2e20fd
Merge branch 'main' into tmartin-updates
mike-mcgrail Sep 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions Splunk Dashboards/dataset_by_example.xml → Splunk Dashboards/sdl_by_example.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,9 +45,9 @@
</row>
<row>
<panel>
<title>Searching Your Data in DataSet</title>
<title>Searching Your Data in Singularity Data Lake</title>
<html>
<b>This dashboard will help get you started on your journey. The first thing you'll want to do after configuring your DataSet Read API Key is to run a simple test to make sure you can access Dataset.</b>
<b>This dashboard will help get you started on your journey. The first thing you'll want to do after configuring your Singularity Data Lake Read API Key is to run a simple test to make sure you can access Singularity Data Lake.</b>
</html>
</panel>
</row>
Expand Down Expand Up @@ -78,8 +78,8 @@
<row>
<panel>
<html>
<h3>Now let's talk about executing queries against DataSet.</h3>
The first thing you need to know is that this Add-On provides four methods to query DataSet:
<h3>Now let's talk about executing queries against Singularity Data Lake.</h3>
The first thing you need to know is that this Add-On provides four methods to query Singularity Data Lake:
<ol>
<li>
<b>Base Data Query</b> - This will return the raw event data (fast, but very verbose). This type of query returns all evetn data so be mindful of the amount of data pushed across the wire and held in memory.</li>
Expand Down Expand Up @@ -142,7 +142,7 @@
<initialValue>All</initialValue>
</input>
<input id="baseQuery" type="text" token="baseQuery">
<label>Base DataSet query</label>
<label>Base query</label>
<default>$baseQuery$</default>
</input>
</panel>
Expand All @@ -166,7 +166,7 @@
</row>
<row>
<panel>
<title>Now let's select a field to aggregate statistics on in DataSet. (This is exponentially better performance than returning all data and using SPL to summarize.)</title>
<title>Now let's select a field to aggregate statistics on in Singularity Data Lake. (This is exponentially better performance than returning all data and using SPL to summarize.)</title>
<input type="dropdown" token="myTag" searchWhenChanged="true">
<label>Field to aggregate by</label>
<choice value="tag">tag</choice>
Expand All @@ -187,7 +187,7 @@
</row>
<row>
<panel>
<title>2. PowerQuery: Aggregate in DataSet and display in Splunk!</title>
<title>2. PowerQuery: Aggregate in Singularity Data Lake and display in Splunk!</title>
<input id="basePowerQuery" type="text" token="basePowerQuery">
<label>Enter a PowerQuery to apply to the base query</label>
<default>$basePowerQuery$</default>
Expand All @@ -212,7 +212,7 @@
</row>
<row>
<panel>
<title>3. Facet Query: Aggregate in DataSet, Facet by a specific field and display in Splunk!</title>
<title>3. Facet Query: Aggregate in Singularity Data Lake, Facet by a specific field and display in Splunk!</title>
<input id="baseFacetQuery" type="text" token="baseFacetQuery">
<label>Enter a Facet Query to apply to the base query</label>
<default>$baseFacetQuery$</default>
Expand Down
2 changes: 1 addition & 1 deletion TA_dataset/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# TA_dataset
This add-on integrates with [DataSet](https://www.dataset.com) by [SentinelOne](https://www.sentinelone.com).
This add-on integrates with [DataSet](https://www.dataset.com) and [Singularity Data Lake](https://www.sentinelone.com/platform/xdr-ingestion) by [SentinelOne](https://www.sentinelone.com).

For more information, see the [GitHub](https://github.com/scalyr/dataset-addon-for-splunk) repository.
##### Note
Expand Down
4 changes: 2 additions & 2 deletions TA_dataset/default/app.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,9 @@ state = enabled
build = 1

[launcher]
author = DataSet by SentinelOne
author = SentinelOne
version = 2.0.44-SNAPSHOT
description = The Singularity Data Lake Add-On for Splunk integrates with DataSet by SentinelOne
description = The Singularity Data Lake Add-On for Splunk integrates SentinelOne's Data Lake or DataSet

[ui]
is_visible = 1
Expand Down
2 changes: 1 addition & 1 deletion TA_dataset/default/data/ui/nav/default.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@
<view name="search"/>
<collection label="Dashboards">
<view name="dashboards" />
<view name="dataset_by_example" />
<view name="sdl_by_example" />
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason why this view name was updated, but not the one above (https://github.com/scalyr/dataset-addon-for-splunk/pull/85/files#diff-e668fdf76aa883261ba892675c90ab1886cdcd87338700ddc3656cbd2a901fcbR20)?

<view name="sentinelone_use_case_query_examples" />
<view name="soc_search_examples" />
<view name="ingestion_summary" />
Expand Down
16 changes: 8 additions & 8 deletions ...ault/data/ui/views/dataset_by_example.xml → .../default/data/ui/views/sdl_by_example.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,9 +45,9 @@
</row>
<row>
<panel>
<title>Searching Your Data in DataSet</title>
<title>Searching Your Data in Singularity Data Lake</title>
<html>
<b>This dashboard will help get you started on your journey. The first thing you'll want to do after configuring your DataSet Read API Key is to run a simple test to make sure you can access Dataset.</b>
<b>This dashboard will help get you started on your journey. The first thing you'll want to do after configuring your Singularity Data Lake Read API Key is to run a simple test to make sure you can access Singularity Data Lake.</b>
</html>
</panel>
</row>
Expand Down Expand Up @@ -78,8 +78,8 @@
<row>
<panel>
<html>
<h3>Now let's talk about executing queries against DataSet.</h3>
The first thing you need to know is that this Add-On provides four methods to query DataSet:
<h3>Now let's talk about executing queries against Singularity Data Lake.</h3>
The first thing you need to know is that this Add-On provides four methods to query Singularity Data Lake:
<ol>
<li>
<b>Base Data Query</b> - This will return the raw event data (fast, but very verbose). This type of query returns all evetn data so be mindful of the amount of data pushed across the wire and held in memory.</li>
Expand Down Expand Up @@ -142,7 +142,7 @@
<initialValue>All</initialValue>
</input>
<input id="baseQuery" type="text" token="baseQuery">
<label>Base DataSet query</label>
<label>Base query</label>
<default>$baseQuery$</default>
</input>
</panel>
Expand All @@ -166,7 +166,7 @@
</row>
<row>
<panel>
<title>Now let's select a field to aggregate statistics on in DataSet. (This is exponentially better performance than returning all data and using SPL to summarize.)</title>
<title>Now let's select a field to aggregate statistics on in Singularity Data Lake. (This is exponentially better performance than returning all data and using SPL to summarize.)</title>
<input type="dropdown" token="myTag" searchWhenChanged="true">
<label>Field to aggregate by</label>
<choice value="tag">tag</choice>
Expand All @@ -187,7 +187,7 @@
</row>
<row>
<panel>
<title>2. PowerQuery: Aggregate in DataSet and display in Splunk!</title>
<title>2. PowerQuery: Aggregate in Singularity Data Lake and display in Splunk!</title>
<input id="basePowerQuery" type="text" token="basePowerQuery">
<label>Enter a PowerQuery to apply to the base query</label>
<default>$basePowerQuery$</default>
Expand All @@ -212,7 +212,7 @@
</row>
<row>
<panel>
<title>3. Facet Query: Aggregate in DataSet, Facet by a specific field and display in Splunk!</title>
<title>3. Facet Query: Aggregate in Singularity Data Lake, Facet by a specific field and display in Splunk!</title>
<input id="baseFacetQuery" type="text" token="baseFacetQuery">
<label>Enter a Facet Query to apply to the base query</label>
<default>$baseFacetQuery$</default>
Expand Down
Loading