Splunk Enterprise Security

All WSA logs are being tagged as Attack and Malware

david_monaghan
Engager

I recently upgraded the Cisco WSA TA and now all WSA logs are being tagged as Malware and Attack traffic.

It seems the logs I am receiving have not got any AV scan information included and all such fields of the logs are marked as 'Unknown'.

Any help on where to start debugging this problem would be appreciated.

0 Karma
Get Updates on the Splunk Community!

Customer Experience | Splunk 2024: New Onboarding Resources

In 2023, we were routinely reminded that the digital world is ever-evolving and susceptible to new ...

Celebrate CX Day with Splunk: Take our interactive quiz, join our LinkedIn Live ...

Today and every day, Splunk celebrates the importance of customer experience throughout our product, ...

How to Get Started with Splunk Data Management Pipeline Builders (Edge Processor & ...

If you want to gain full control over your growing data volumes, check out Splunk’s Data Management pipeline ...