Splunk Enterprise Security

Splunk ES: Why are all Security Indicators under Threat Activity reporting '0'?



Under Threat Activity, all the indicators report "0" all the time regardless of the search parameters. When clicked we do see the threat activity and the corresponding correlations are also getting triggered but no data from indicators.

Is something missing in the configuration?
Splunk Version: 7.0.1
ES Version: 4.7.4

alt text



0 Karma