Splunk Enterprise

sourcetype=opsec:anti_malware

luis_silvac
Engager

Good morning

I have a problem: when normalizing information related to a checkpoint, I find that I have a sourcetype, opsec:anti_malware, but I manage to identify which ones are allowed / blocked / deferred. I installed the Splunk Add-on for Check Point OPSEC LEA. Has anyone had the same problem?
