Splunk® Security Essentials

Develop Custom Content in Splunk Security Essentials

Splunk Security Essentials file directory

Splunk Security Essentials (SSE) contains many key files that are shared across the app. Read the entries in the following table to understand what these files do at a high level. Review the code in the file itself for specifics. See a full list of Custom search commands for SSE in the Use Splunk Security Essentials manual.

| File | Description |
| --- | --- |
| runPageScript.js | Defines the logic for which scripts launch JavaScript |
| generateShowcaseInfo.py and ShowcaseInfo.json | Contains the main configurations for SSE. |
| buildTile.js | Renders a tile for your content. |
| system_config.js | Generates the configuration menu in SSE. |
| common_data_objects.js | Centralizes information that is standard across the app, such as bookmark status names and versus IDs. |
| export_panel.js | Contains the main export modal, the CSV export logic, and the print-to-PDF logic. |
| buildLilyXLSX.js | Controls XLSX exports. |
| manageSnapshots.js | Contains the dialog that handles all snapshots. |
| processSummaryUI.js | Contains the actual display detail for rendering the print-to-PDF visuals. The code contains the same logic used in the search builders themselves to allow for displaying all accordions by default and removing links. |
| pullJSON.py | A REST handler front end for pulling JSON files that allows you to swap content from the KV store for raw files, such as MITRE ATT&CK frameworks, or enrich content, such as adding custom content into the data_inventory.json file. |
| pullCSV.py | Allows you to send a GET request for a lookup in a require() statement. |
| modal.js | The core code for generating modals in SSE. |
| unattachedModal.js | Generates modals in SSE that it copies from SA-devforall but uses on the data_inventory.js file. |
| AlertModal.js | Used for the save search dialog. |
| dashboard.js | Runs for every dashboard in the app. Many miscellaneous logic functions are contained in this file, such as collectDiag(). |
| sendTelemetry.js | The wrapper for swa.js, which handles all telemetry for SSE. |
| home.js | Handles the home page. |
| intro_content.json | Stores all the logic for the guides. |
| contents.js | Contains the original core code of SSE. This JavaScript file contains the logic for the Security Contents page. |
| data_inventory.js | The core file for the data_inventory dashboard. The file generates the display from data_inventory.json. |
| DrawDataInventoryProducts.js | Contains the UI elements for product configuration. |
| data_inventory_introspection.js | Contains the introspection logic. |
| data_inventory.json | Contains the raw data inventory configuration. When grabbed through pullJSON, the script augments. |
| bookmarked_content.js | Contains the core logic for the Bookmarked Content dashboard. |
| MapExistingSearchContent.js | Contains the logic for the correlation search introspection. |
| showcase_simple_search.js, showcase_first_seen_demo.js, showcase_standard_deviation.js, showcase_phantom.js, and showcase_custom.js | The dedicated files for each of the standard search builders, each providing capabilities for specific types of searches. |
| ProcessSummaryUI.js | Generates most of the display, allowing for equivalent displays across different apps. |
| es_use_case.js | Renders content from Splunk Enterprise Security (ES), Splunk Enterprise Security Content Update (ESCU), and Splunk User Behavior Analytics (UBA), relying on these files: es_use_case.xml, escu_use_case.xml, and uba_use_case.xml. |
| data_source.js | Contains the SimpleXML Examples app with some enhancements. |
| securityjourney.js | Renders the Security Journey and contains custom JavaScript and CSS. |
| highlight.pack.js | Allows syntax highlighting, particularly around custom and partner content, for line-by-line Splunk Search Processing Language (SPL). |
| lunr.js | Displays the search engine used on the contents.js and MapExistingSearchContent.js files. |
| showdown.js | Performs Markdown conversion for descriptive fields. |
| FileSaver.js | Allows you to save a generated file with a particular filename. |
| jszip | Allows you to generate ZIP files in JavaScript. |

Last modified on 20 January, 2023

This documentation applies to the following versions of Splunk® Security Essentials: 3.7.1, 3.8.0, 3.8.1

