Overview
This dashboard shows a similar widget field and layout to the widgets in the OpenCTI Splunk Add-on as published in Splunkbase
- Note: The default timerange on this dashboard is "Last Month" - please reset this after loading.
This dashboard has a layout very similar to the OCTI Splunk app, allowing the OpenCTI user to quickly check the nature of IOCs being sent to Splunk, as well as to compare counts on both Splunk and OpenCTI to verify the sync is operating correctly.
Note that this dashboard operates on the assumption that your Splunk Stream uses the same filter as the dashboard widgets! For the dashboard, this is Type = Indicator AND label = send_to_splunk. If you have a different filter on your Splunk stream, you should edit these
Basic information
Filigran
Damian Skeeles
December 31, 2025
6.6.17
70+
40+