Splunk Enterprise Security

All WSA logs are being tagged as Attack and Malware

david_monaghan
Engager

I recently upgraded the Cisco WSA TA and now all WSA logs are being tagged as Malware and Attack traffic.

It seems the logs I am receiving have not got any AV scan information included and all such fields of the logs are marked as 'Unknown'.

Any help on where to start debugging this problem would be appreciated.
