Splunk Enterprise Security

All WSA logs are being tagged as Attack and Malware

david_monaghan
Engager

I recently upgraded the Cisco WSA TA and now all WSA logs are being tagged as Malware and Attack traffic.

It seems the logs I am receiving have not got any AV scan information included and all such fields of the logs are marked as 'Unknown'.

Any help on where to start debugging this problem would be appreciated.
