How to use MLTK to tune DNS Query Length Outliers query?
DanAlexander1
Engager
01-19-2023
09:06 AM
Hi All,
I am trying to tune up a notable called DNS Query Length Outliers.
I am using the MLTK App to set up the data, but the number of notables remains the same.
Am I doing something wrong? I followed some instructions on how to build the data model required for the notable to work, but still no luck. Worth mentioning that when I run the SPL in Search, it returns a different number of notables.
What option should I use from the "Experiments" within the MLTK App to make the data work for the notable?
The code is from here: https://github.com/splunk/security_content/blob/develop/detections/experimental/network/dns_query_le...
Thank you in advance.
