Hi - I am trying to get the Splunk App for AWS Security Dashboards working. Apparently the default index the app is using is "main". I need to change this. I know I could c...
Hello All, I'm utilizing the Splunk App for AWS to capture data and represent them into easily identifiable dashboards. I'm working on the Security Groups Dashboard under Security. I'm having t...
This is a new install of ES (a few months old) that was added to an existing base Splunk instance. All of the web and proxy related dashboards are empty.
According to this, http://docs.splunk...
...n the dashboard (threatlist activity).
I found threatlists in /opt/splunk/etc/apps/SA-Threatintelligence/lookups, but they are all empty and say "intentionally left empty" and when we do |i...
...till see it as an available option in the IR DB (Incident Review dashboard). Am I missing another conf file or setting outside of workflow?
current settings:
./SA-ThreatIntelligence/local/w...
I have one host that I want to remove from all my premade dashboards in the Splunk App for AWS Security Dashboards. Can someone tell me where I would enter this in the source code for the Dashboard...
Enterprise Security demands the sourcetype be "fortinet", but the App has all the macros and everything set to look for "fgt_logs".
Being a bit of a Splunk noob, how do I go about getting the For...
I installed the Splunk App for Enterprise Security, but all dashboards and reports are empty. The Splunk_TA_windows Add-on is installed and "indexes.conf" contains the index "windows" that has 20 G...