All Apps and Add-ons

Cisco Security Suite - Web Security

New Member

I am not getting any result for the Traffic Severity Panel on dashboard.

Looking at the search I have this

eventtype=css-wsa-squid http_result!="TCP_DENIED/407" | eval severity=cisco-wsa-score(x_wbrs_score) | eval severity=if(X-ScanVerdict=1,"red",severity) | timechart count by severity | table _time,red,orange,yellow,blue,green

I noticed the http_result is not a field on the search (running version 3.1.2 Cisco Security Suite & 3.2.3 on Cisco WSA)

What I dont now is what the eval severity=cisco-wsa-score(x_wbrs_score) does for me.

what is cisco-wsa-score?

Thanks in advance

0 Karma



Which Splunk app you are using for viz??

It seems cisco-wsa-score is a macro. You will find the logic in macros.conf in Splunk app.

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!