From f7303db08ed7e0d921127c1f8f41133ad854fb3f Mon Sep 17 00:00:00 2001 From: Chris McHenry Date: Wed, 25 Feb 2026 17:12:10 -0500 Subject: [PATCH 1/2] Add dashboard screenshots to README Co-Authored-By: Claude Opus 4.6 --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 741d7bf..093e654 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,14 @@ Security visibility and analytics for **Aviatrix Distributed Cloud Firewall** in Splunk. Provides CIM-compliant field extractions and pre-built dashboards for SIEM/SOC teams. +## Screenshots + +![Security Overview](screenshots/01_overview.png) + +![Traffic Analysis](screenshots/02_traffic_analysis.png) + +![Threat Detection](screenshots/03_threat_detection.png) + ## Apps This repository contains two Splunk apps, designed to be installed together: From a6debeb8bf5f50a4a0d17aee744203981491782d Mon Sep 17 00:00:00 2001 From: Chris McHenry Date: Sun, 1 Mar 2026 07:40:32 -0500 Subject: [PATCH 2/2] Add Aviatrix SIEM Connector reference to README Co-Authored-By: Claude Opus 4.6 --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 093e654..66c8814 100644 --- a/README.md +++ b/README.md 
@@ -45,10 +45,14 @@ Pre-built dashboards for monitoring Aviatrix Cloud Firewall activity. - **Gateway Health** -- CPU, memory, disk, network throughput per gateway - **Audit Trail** -- Controller API changes, user activity, success/failure tracking +## Log Ingestion + +These apps are designed to work with the [Aviatrix SIEM Connector](https://github.com/AviatrixSystems/aviatrix-siem-connector), which parses Aviatrix Syslog messages and posts them to Splunk via HEC (HTTP Event Collector). + ## Requirements - Splunk Enterprise 8.0+ or Splunk Cloud -- Aviatrix Controller with logging configured to send via HEC +- [Aviatrix SIEM Connector](https://github.com/AviatrixSystems/aviatrix-siem-connector) for log ingestion - CIM Add-on 4.0+ (for data model acceleration) ## Installation
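Review bot: The "Screenshots" hunk in PATCH 1/2 links three images under `screenshots/` (`01_overview.png`, `02_traffic_analysis.png`, `03_threat_detection.png`), but the patch stats show only `README.md` changed, so the image files are not part of this series and the links will render broken until they are committed. Before adding them, confirm the captures come from demo or redacted data: dashboards titled "Security Overview", "Traffic Analysis" and "Threat Detection" for a cloud firewall will typically show gateway names, source/destination addresses and account identifiers that should not land in a public README.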
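Review bot: In the "Requirements" hunk of PATCH 2/2, replacing `- Aviatrix Controller with logging configured to send via HEC` with the SIEM Connector link drops the prerequisite that the Controller itself must be configured to forward syslog to the connector; the new "Log Ingestion" section says the connector "parses Aviatrix Syslog messages and posts them to Splunk via HEC", so the README now documents the connector-to-Splunk leg but not the Controller-to-connector leg. Suggest keeping both, e.g. `- Aviatrix Controller configured to forward syslog to the Aviatrix SIEM Connector` followed by the connector bullet, and noting in "Log Ingestion" that an HEC token (ideally scoped to the target index and served over TLS) must be provisioned on the Splunk side for the connector to post to.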