Hi, I have to create correlation searches in Splunk ES. My cron schedule will be */60 * * * *. Is it better to use a real-time schedule or a continuous schedule? Is it necessary to fill the time r...
Hello,
I would like to request guidance on how to create a correlation search based on data provided by SANS Threat Intelligence from https://isc.sans.edu/block.txt
The malicious IPs f...
...ours I get results, however no notable events are created. Does the correlation search syntax need to be in a certain format to generate the notable event?
I want to create a scheduled search that will track the changes made in content under the Splunk Enterprise Security app. If someone modifies correlation searches, I want my query to capture it. Can t...
Hi
Apologies if this has been asked before.
So here is what I am trying to achieve:
Catch the log and create an event, like when BGP goes down (easy, can search and filter them out)
C...
Thanks in advance for any assistance you can please lend.
Can someone please tell me how I can configure an Enterprise Security correlation search that triggers only when a specific a...
Hello everyone,
I have the following question:
For use cases (anything in the Enterprise Security > content), let's say I have 5 sourcetypes. If I create a new correlation search that I...
...wo: This one is exclusive of any hosts that are in Index2 when we run a search in Index1. I.e. based on the Index2 hosts I run a query on Index1 and it only shows the host Server4.
P.S. - This is a...