Install, configure readiness, and validate Splunk Attack Analyzer platform integration using Splunk Add-on for Splunk Attack Analyzer (`Splunk_TA_SAA`, app 6999) and Splunk App for Splunk Attack Analyzer (`Splunk_App_SAA`, app 7000). Use when a user asks for Attack Analyzer, SAA, phishing and malware analysis data ingestion, the `saa` index, `saa_indexes` macro, or Enterprise Security adaptive response readiness.
This listing is imported from SkillsMP metadata and should be treated as untrusted until upstream source review is completed.
Install skill "splunk-attack-analyzer-setup" with this command: npx skills add chambear2809/skillsmp-chambear2809-chambear2809-splunk-attack-analyzer-setup
This source entry does not include full markdown content beyond metadata.
This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
Related by shared tags or category signals.
Install and configure the Cisco Secure Access App for Splunk (cisco-cloud-security) and required event Add-on (TA-cisco-cloud-security-addon). Supports org account creation, investigate index, private app index, and app discovery index provisioning. Use when the user asks about Cisco Secure Access, app IDs 5558/7569, cisco-cloud-security, or Secure Access dashboards.
Install and configure Cisco Security Cloud (CiscoSecurityCloud). Supports Cisco Duo, XDR, Secure Endpoint, Secure Firewall, ETD, Secure Network Analytics, CII, Secure Workload, and other Cisco Security Cloud inputs. Use when the user asks about Cisco Security Cloud, app ID 7404, or CiscoSecurityCloud.
Install, configure readiness, and validate Splunk Asset and Risk Intelligence (`SplunkAssetRiskIntelligence`, Splunkbase app 7180), including ARI indexes, KV Store readiness, ARI roles, and Enterprise Security Exposure Analytics handoff. Use when a user asks to set up ARI, Splunk Asset and Risk Intelligence, or ES Exposure Analytics readiness.
Render, preflight, apply, audit, and validate Splunk Cloud Admin Config Service (ACS) IP allowlists for all seven ACS features (acs, search-api, hec, s2s, search-ui, idm-api, idm-ui) with IPv4 and IPv6, AWS and GCP subnet limit enforcement, ACS lock-out protection, drift detection, and optional Terraform emission. Use when the user asks to manage ACS IP allowlists, search-api allowlist, HEC IP allowlist, s2s subnet allowlist, ACS access subnets, acs ip-allowlist, ipallowlists endpoint, ipallowlists-v6, or to audit current Splunk Cloud allowlist state.