Splunk Enterprise

sourcetype=opsec:anti_malware

luis_silvac
Engager

Good morning

I have a problem, when normalizing information related to a checkpoint, I find that I have a sourcetype: opsec:anti_malware but I manage to identify which ones are allowed / blocked / dererred, I install the Splunk Add-on for Check Point OPSEC LEA, Has anyone had the same problem ? 

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...