From f7303db08ed7e0d921127c1f8f41133ad854fb3f Mon Sep 17 00:00:00 2001 From: Chris McHenry Date: Wed, 25 Feb 2026 17:12:10 -0500 Subject: [PATCH 1/3] Add dashboard screenshots to README Co-Authored-By: Claude Opus 4.6 --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 741d7bf..093e654 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,14 @@ Security visibility and analytics for **Aviatrix Distributed Cloud Firewall** in Splunk. Provides CIM-compliant field extractions and pre-built dashboards for SIEM/SOC teams. +## Screenshots + +![Security Overview](screenshots/01_overview.png) + +![Traffic Analysis](screenshots/02_traffic_analysis.png) + +![Threat Detection](screenshots/03_threat_detection.png) + ## Apps This repository contains two Splunk apps, designed to be installed together: From a6debeb8bf5f50a4a0d17aee744203981491782d Mon Sep 17 00:00:00 2001 From: Chris McHenry Date: Sun, 1 Mar 2026 07:40:32 -0500 Subject: [PATCH 2/3] Add Aviatrix SIEM Connector reference to README Co-Authored-By: Claude Opus 4.6 --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 093e654..66c8814 100644 --- a/README.md +++ b/README.md 
@@ -45,10 +45,14 @@ Pre-built dashboards for monitoring Aviatrix Cloud Firewall activity. - **Gateway Health** -- CPU, memory, disk, network throughput per gateway - **Audit Trail** -- Controller API changes, user activity, success/failure tracking +## Log Ingestion + +These apps are designed to work with the [Aviatrix SIEM Connector](https://github.com/AviatrixSystems/aviatrix-siem-connector), which parses Aviatrix Syslog messages and posts them to Splunk via HEC (HTTP Event Collector). + ## Requirements - Splunk Enterprise 8.0+ or Splunk Cloud -- Aviatrix Controller with logging configured to send via HEC +- [Aviatrix SIEM Connector](https://github.com/AviatrixSystems/aviatrix-siem-connector) for log ingestion - CIM Add-on 4.0+ (for data model acceleration) ## Installation From 3ceee8a184d8d078f016a0bbeae590233ca61b6f Mon Sep 17 00:00:00 2001 From: Chris McHenry Date: Sun, 1 Mar 2026 09:00:58 -0500 Subject: [PATCH 3/3] Fix Splunkbase SLIM validation failure and add manifest validation to CI Splunkbase rejected the app because platformRequirements specified >=8.0 which includes no currently supported Splunk Enterprise versions. Updated both manifests to >=9.0. Added slim validate steps to CI workflow so manifest issues are caught before submission. Co-Authored-By: Claude Opus 4.6 --- .github/workflows/splunkbase-validate.yml | 6 ++++++ TA-aviatrix/app.manifest | 2 +- TA-aviatrix/default/app.conf | 2 +- aviatrix-security/app.manifest | 10 ++-------- aviatrix-security/default/app.conf | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/splunkbase-validate.yml b/.github/workflows/splunkbase-validate.yml index 118e13e..a2f3f0d 100644 --- a/.github/workflows/splunkbase-validate.yml +++ b/.github/workflows/splunkbase-validate.yml 
@@ -31,6 +31,12 @@ jobs: - name: Package aviatrix-security run: slim package aviatrix-security -r .slim-repo + - name: Validate TA-aviatrix manifest + run: slim validate TA-aviatrix + + - name: Validate aviatrix-security manifest + run: slim validate aviatrix-security + - name: AppInspect TA-aviatrix run: splunk-appinspect inspect TA-aviatrix-*.tar.gz --mode precert --included-tags cloud diff --git a/TA-aviatrix/app.manifest b/TA-aviatrix/app.manifest index d82bacb..158db6b 100644 --- a/TA-aviatrix/app.manifest +++ b/TA-aviatrix/app.manifest @@ -48,7 +48,7 @@ "incompatibleApps": null, "platformRequirements": { "splunk": { - "Enterprise": ">=8.0" + "Enterprise": ">=9.0" } }, "supportedDeployments": [ diff --git a/TA-aviatrix/default/app.conf b/TA-aviatrix/default/app.conf index 9525faa..a1451de 100644 --- a/TA-aviatrix/default/app.conf +++ b/TA-aviatrix/default/app.conf @@ -18,4 +18,4 @@ version = 2.0.0 [package] id = TA-aviatrix -check_for_updates = 0 +check_for_updates = 1 diff --git a/aviatrix-security/app.manifest b/aviatrix-security/app.manifest index 144e4b9..a60dfd7 100644 --- a/aviatrix-security/app.manifest +++ b/aviatrix-security/app.manifest @@ -38,19 +38,13 @@ "uri": null } }, - "dependencies": { - "TA-aviatrix": { - "version": ">=2.0.0", - "package": "TA-aviatrix", - "optional": false - } - }, + "dependencies": null, "tasks": null, "inputGroups": null, "incompatibleApps": null, "platformRequirements": { "splunk": { - "Enterprise": ">=8.0" + "Enterprise": ">=9.0" } }, "supportedDeployments": [ diff --git a/aviatrix-security/default/app.conf b/aviatrix-security/default/app.conf index 3b54256..f0b0248 100644 --- a/aviatrix-security/default/app.conf +++ b/aviatrix-security/default/app.conf @@ -19,4 +19,4 @@ version = 2.0.0 [package] id = aviatrix-security -check_for_updates = 0 +check_for_updates = 1
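Review bot: The two `slim validate` steps are inserted after the `slim package` steps, so a manifest defect is only reported once packaging has already run, and if packaging itself reads the manifest the Package step presumably fails first with a less specific message. Moving `- name: Validate TA-aviatrix manifest` and `- name: Validate aviatrix-security manifest` (with their `run:` lines) ahead of the Package steps makes validation the first gate and gives a direct error, which is what the commit description says the steps are for. The enclosing `jobs:` block and the Package TA-aviatrix step begin outside the hunk.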
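Review bot: Raising `"Enterprise": ">=9.0"` leaves the README Requirements section, which still lists `Splunk Enterprise 8.0+ or Splunk Cloud` (visible in the PATCH 2/3 hunk of this series), contradicting the manifest. Update that line to `- Splunk Enterprise 9.0+ or Splunk Cloud` in the same change so users are not told 8.x is supported when the package declares it is not. The same version floor is raised in the aviatrix-security/app.manifest hunk, and the `platformRequirements` object begins and ends outside this hunk.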
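Review bot: `check_for_updates = 1` in the `[package]` stanza is a behavioral change the commit message does not mention: it turns on Splunk's check against Splunkbase for updates to this app, which is outbound traffic from the Splunk instance that some deployments restrict and that administrators should know about. If this flip is needed to pass Splunkbase submission, state that in the commit description; otherwise keep `check_for_updates = 0` and split the change out. The same edit is made in the aviatrix-security/default/app.conf hunk.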
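Review bot: Replacing the `dependencies` block with `"dependencies": null` drops the declared non-optional dependency on `TA-aviatrix` `>=2.0.0`, and neither the commit title nor its description mentions this. The README in this series describes the two apps as designed to be installed together, and the dashboards presumably rely on the TA's field extractions, so after this change the manifest no longer prevents installing aviatrix-security without its data source. If SLIM or Splunkbase rejected the dependency declaration, record that reason in the commit description and the README Installation section; otherwise restore the block. The manifest object starts and ends outside the hunk.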