Splunk Enterprise Security

Use Maps in Enterprise Security

gcusello
SplunkTrust
SplunkTrust

Hi at all,

I'm configuring Enterprise Security but I found an unattended issue:

I'm trying to use the Maps feature associated to a Source in "Incident Review" dashboard.

In details:

  • I have some Notebles,
  • much of them contain an IP external to the customer and I'd like to visualize the geographic origin of this IP, using the Maps feature associated to the Additional Fields contained in Notable details,
  • but when I click on the mouse right button and I choose the "map <IP address> option, it opens Google Maps but always at the same coordinates that aren't the ones I'm searching.

Must I configure something to have this feature or did someone else experience the same issue?

Thank you for your attention.

Ciao.

Giuseppe

Labels (1)
1 Solution

gcusello
SplunkTrust
SplunkTrust

Hi at all,

Splunk Support hinted to me to add the iplocation command to each Correlation Search containing a public IP, in this way the map feature correctly works.

I added this feature also to Splunk Ideas (https://ideas.splunk.com/ideas/ESSID-I-283), if someone is interested, please vote it.

Ciao.

Giuseppe

View solution in original post

gcusello
SplunkTrust
SplunkTrust

Hi at all,

Splunk Support hinted to me to add the iplocation command to each Correlation Search containing a public IP, in this way the map feature correctly works.

I added this feature also to Splunk Ideas (https://ideas.splunk.com/ideas/ESSID-I-283), if someone is interested, please vote it.

Ciao.

Giuseppe

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...