I'm trying to search for some IPs of interest within the Rapid 7 App for Splunk Enterprise.
Is there a way to do that?
The app is just a dashboard, but from within your search console you can use this simple query to search via IP, assuming you did not change the source type when you configured the rapid7 app.
sourcetype=rapid7_nexpose dest_ip="x.x.x.x"