Hi all,
I have a problem understanding how ES IdentityCorrelation merges identities together.
Example:
I have an LDAP lookup A that gets me some users with identities like username1|email.of...
I'm trying to create a correlation search that imports a lookup table called ExpiredIdentities.csv then it takes all the entries in the Identity field and runs an independent search for any a...
Currently for asset correlation with IPs we have Infoblox, but that only works when we are on the company premises and the IP assigned to the asset is part of the company network. When someone works from home a...
After enabling, it takes a long time to show the results of the queries, it takes a long time to show the results of the dashboards, also to show the results in the incident review, and it also has pr...
Hello there,
On ES (4.7.2), the correlation search "Default Account Usage" is supposed to create notable events for default accounts as stated in its description:
"Discovers use of default a...
Hi folks,
I created a correlation search that looks for administrators setting passwords to never expire, which then creates a notable event for incident review. I tried setting the severity to b...
Hi,
I just noticed a strange behavior in Splunk Identity management and the datamodel.
Indeed, if I make a search based on "index + sourcetype", my results include all identity information w...
The urgency in a correlation search is calculated by the corr. search severity + the asset/identity priority.
Is it possible to calculate the urgency based on the count of failures?
I'm U...
Hi, I faced a little issue when I configured "Identities and assets". After the configuration, the Asset Center and Identity Center dashboards in ES do not work. Knowing that: The...