Cisco Security Suite - Web Security

lamelendrez
Loves-to-Learn Lots

I am not getting any result for the Traffic Severity Panel on the dashboard.

Looking at the search, I have this:

eventtype=css-wsa-squid http_result!="TCP_DENIED/407" | eval severity=cisco-wsa-score(x_wbrs_score) | eval severity=if(X-ScanVerdict=1,"red",severity) | timechart count by severity | table _time,red,orange,yellow,blue,green

I noticed that http_result is not a field in the search (running version 3.1.2 of Cisco Security Suite & 3.2.3 on Cisco WSA).

What I don't know is what the eval severity=cisco-wsa-score(x_wbrs_score) does for me.

What is cisco-wsa-score?

Thanks in advance

0 Karma

kamlesh_vaghela
SplunkTrust

@lamelendrez

Which Splunk app are you using for viz?

It seems cisco-wsa-score is a macro. You will find the logic in macros.conf in the Splunk app.

https://docs.splunk.com/Documentation/Splunk/7.3.2/Admin/Macrosconf

http://docs.splunk.com/Documentation/Splunk/latest/Admin/Aboutconfigurationfiles

0 Karma
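
To see what a one-argument macro such as cisco-wsa-score contributes to the eval, the following added example (not from either post, and not the app's own code) parses a macros.conf stanza and expands the call the way Splunk substitutes `$arg$` tokens. The stanza body is a constructed placeholder, not the definition shipped with Cisco Security Suite, and the call is written in backticks as SPL macro calls are.

```python
import configparser
import re

# Constructed macros.conf content. Stanza naming and the args/definition keys
# follow the macros.conf format; the thresholds are invented placeholders,
# NOT the real logic from the Cisco Security Suite app.
SAMPLE_MACROS_CONF = """
[cisco-wsa-score(1)]
args = score
definition = case($score$ <= -6, "red", $score$ <= -3, "orange", $score$ < 0, "yellow", $score$ < 6, "blue", true(), "green")
"""

STANZA = re.compile(r"^(?P<name>[^()]+)(?:\((?P<argc>\d+)\))?$")
CALL = re.compile(r"`(?P<name>[\w-]+)(?:\((?P<args>[^()`]*)\))?`")


def load_macros(text):
    """Return {(name, arg_count): (arg_names, definition)} from macros.conf text."""
    cp = configparser.RawConfigParser()  # raw: '$' in definitions is left alone
    cp.read_string(text)
    macros = {}
    for section in cp.sections():
        m = STANZA.match(section)
        if not m or not cp.has_option(section, "definition"):
            continue
        raw_args = cp.get(section, "args", fallback="")
        names = [a.strip() for a in raw_args.split(",") if a.strip()]
        macros[(m["name"], int(m["argc"] or 0))] = (names, cp.get(section, "definition"))
    return macros


def expand(search, macros):
    """Replace each `name(args)` call with its definition, filling in $arg$ tokens."""
    def repl(m):
        values = [v.strip() for v in m["args"].split(",")] if m["args"] else []
        key = (m["name"], len(values))
        if key not in macros:
            return m.group(0)  # unknown macro or wrong arity: leave the call as written
        names, definition = macros[key]
        for name, value in zip(names, values):
            definition = definition.replace(f"${name}$", value)
        return definition
    return CALL.sub(repl, search)


if __name__ == "__main__":
    print(expand("eval severity=`cisco-wsa-score(x_wbrs_score)`", load_macros(SAMPLE_MACROS_CONF)))
```

Pointing `load_macros` at the text of the app's own macros.conf shows the real definition behind the dashboard search.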