Evaluating Splunk Enterprise. Added the "Splunk Add-on for Microsoft Windows."
When I do a search, I get errors:
• Could not load lookup=LOOKUP-action_for_WinRegistry
• Could not load lookup=LOOKUP-action_for_fs_notification
In the infosec App, under security posture, I get errors like
Error in 'DataModelEvaluator': Data model 'Intrusion_Detection' was not found.
Error in 'DataModelEvaluator': Data model 'Malware' was not found.
Not sure if related.
Thanks for your advice.