R0SEG0LD/SAM
SAM - SOC Alert Manager

Covers all your SOC's needs for the analysts to get to work.

How 2 Install

  1. Download the Git repository as a zip archive.

  2. Move the zip to the root folder of the app you wish to install SAM on top of.

  3. Unzip it, preserving the full directory paths.

  4. Go to /opt/splunk/etc/apps/%appname%/local

  5. Edit the props.conf file.

Create the file if it does not exist. Add the following lines to the file:

[audittrail]
EXTRACT-ss_name_sam = \",\sss_name=\"(?<ss_name_sam>.+?)\",\ssid=\"

Beware

If an "[audittrail]" stanza already exists in props.conf, do not add a second "[audittrail]" header; add only the EXTRACT-ss_name_sam line to the existing stanza.

  6. Reload the app.

  7. The files should now be placed in the required folders.
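As an added example (not code from the SAM repository), the following Python script does two things a practitioner would want to check before reloading the app: it merges the EXTRACT-ss_name_sam setting into a props.conf that already has an [audittrail] stanza without creating a duplicate stanza, and it runs the README's extraction regex against sample audittrail-style events to confirm which field value is captured. The props.conf contents and the event lines are constructed for the example; Splunk's real audittrail event layout is not reproduced here. Because Splunk regexes use PCRE named groups ((?<name>...)) while Python's re module only accepts (?P<name>...), the script converts the group syntax before matching.

```python
import re

# Constructed sample props.conf that already has an [audittrail] stanza
# (the "Beware" case from the install steps). Not taken from the SAM repo.
EXISTING_PROPS = """\
[audittrail]
TRUNCATE = 0

[source::/var/log/example.log]
SHOULD_LINEMERGE = false
"""

STANZA = "audittrail"
KEY = "EXTRACT-ss_name_sam"
# The extraction regex exactly as given in the README (Splunk/PCRE syntax).
PATTERN = r'\",\sss_name=\"(?<ss_name_sam>.+?)\",\ssid=\"'

# Constructed audittrail-style events; the field layout is an assumption.
EVENT_WITH_NAME = ('Audit:[user="admin", action="search", search_id="1700000000.42", '
                   'ss_name="Suspicious Logon Burst", sid="scheduler__admin__search"]')
EVENT_WITHOUT_NAME = 'Audit:[user="admin", action="login", info="succeeded"]'


def parse_conf(text):
    """Parse a minimal .conf file into {stanza: {key: value}}, keeping order.
    Comments and blank lines are dropped; enough to reason about stanzas."""
    stanzas = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            stanzas.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)   # the value may itself contain '='
            stanzas[current][key.strip()] = value.strip()
    return stanzas


def render_conf(stanzas):
    """Serialize {stanza: {key: value}} back into .conf text."""
    lines = []
    for name, settings in stanzas.items():
        lines.append(f"[{name}]")
        lines.extend(f"{k} = {v}" for k, v in settings.items())
        lines.append("")
    return "\n".join(lines)


def add_setting(text, stanza, key, value):
    """Add key = value to a stanza, reusing the stanza if it already exists
    rather than appending a duplicate [stanza] header."""
    stanzas = parse_conf(text)
    stanzas.setdefault(stanza, {})[key] = value
    return render_conf(stanzas)


def to_python_regex(pcre):
    """Splunk regexes use PCRE named groups (?<name>...); Python's re module
    only accepts (?P<name>...). Lookbehinds (?<= and (?<! are left untouched."""
    return re.sub(r"\(\?<(?![=!])", "(?P<", pcre)


def extract(event, pcre):
    """Apply an EXTRACT-style regex to one event; return the captured fields
    as a dict, or None when the event does not match (no field is created)."""
    match = re.search(to_python_regex(pcre), event)
    return match.groupdict() if match else None


if __name__ == "__main__":
    print(add_setting(EXISTING_PROPS, STANZA, KEY, PATTERN))
    print(extract(EVENT_WITH_NAME, PATTERN))
    print(extract(EVENT_WITHOUT_NAME, PATTERN))
```

The regex is anchored on the literal sequence `", ss_name="` and stops at the next `", sid="`, so an event that carries no saved-search name (the second constructed event) simply yields no ss_name_sam field rather than a wrong one; that is the behaviour to expect in Splunk for interactive searches that are not scheduled.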
