ITSI Modules Problem

stromy · ‎05-18-2019

Dears

Im using ITSI version 4.0 , i followed the documentation for the installation but yet the default modules that comes with ITSI like OS, webserver etc .., is not working probably, when ever i want to do auto discovery for entities using module search like OS one, it give me an error savedsearch is not found tho it is enabled and i can search for it in the ITSI-search,

so i start copying conflagration from the Modules to the ITOA/local/ and it worked .. is this normal case or not??
can anyone advice me!

Thanks already

VatsalJagani · ‎05-18-2019

Hi @stromy,
I don't know whether you are on the right path or not, but I'm giving below steps that worked for me.

For automatic entity discovery:

Go to Settings > Data Inputs > ITSI Entity CSV Imports > Enable the services for which you want to enable automatic entity discovery.

For manual entity import:

ITSI App > Configure > Entity > Import > Import from Search > Select Module > Select Service Savedsearch > Run Search > Import.

If these steps are not working for you then I think you might have made some mistake in App installation. I'm guessing this because you are saying you are getting the error of savedsearch not found.

Hope this helps!!

ITSI Modules Problem

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?