Splunk Enterprise Security

Use Maps in Enterprise Security

gcusello
Esteemed Legend

Hi at all,

I'm configuring Enterprise Security but I found an unattended issue:

I'm trying to use the Maps feature associated to a Source in "Incident Review" dashboard.

In details:

  • I have some Notebles,
  • much of them contain an IP external to the customer and I'd like to visualize the geographic origin of this IP, using the Maps feature associated to the Additional Fields contained in Notable details,
  • but when I click on the mouse right button and I choose the "map <IP address> option, it opens Google Maps but always at the same coordinates that aren't the ones I'm searching.

Must I configure something to have this feature or did someone else experience the same issue?

Thank you for your attention.

Ciao.

Giuseppe

Labels (1)
1 Solution

gcusello
Esteemed Legend

Hi at all,

Splunk Support hinted to me to add the iplocation command to each Correlation Search containing a public IP, in this way the map feature correctly works.

I added this feature also to Splunk Ideas (https://ideas.splunk.com/ideas/ESSID-I-283), if someone is interested, please vote it.

Ciao.

Giuseppe

View solution in original post

0 Karma

gcusello
Esteemed Legend

Hi at all,

Splunk Support hinted to me to add the iplocation command to each Correlation Search containing a public IP, in this way the map feature correctly works.

I added this feature also to Splunk Ideas (https://ideas.splunk.com/ideas/ESSID-I-283), if someone is interested, please vote it.

Ciao.

Giuseppe

0 Karma
Get Updates on the Splunk Community!

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

You asked, we delivered. Splunk Observability Cloud has several new innovations giving you deeper visibility ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...