I'm really overthinking this, but am lost.
I need to show when new correlation searches are introduced into the environment. I have a lookup with the current correlation searches, along w/ r...
...omething5
That would mean that whenever a new source type is onboarded I would have to manually add it to all the correlation searches that I created or that are by default in Splunk Enterprise Security c...
Hi, I have to create correlation searches in Splunk ES. My cron schedule will be */60 * * * *. Is it better to use a real-time schedule or a continuous schedule? Is it necessary to fill the time r...
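The two posts above ask, respectively, how to surface newly added correlation searches against a lookup of the known ones, and how to schedule an hourly correlation search (real-time vs. continuous scheduling, and whether the time range matters). The savedsearches.conf stanza below is an added example, not code from either poster or from Splunk; it assumes a CSV lookup named known_correlation_searches with a title column (an assumed name), and it uses the REST endpoint for saved searches to list searches flagged with the ES correlation-search action.

```ini
# Added example: a scheduled search that reports correlation searches not yet in a lookup.
# Stanza and lookup name (known_correlation_searches) are assumptions for illustration.
[New correlation searches not in baseline]
enableSched = 1

# */60 * * * * fires at minute 0 of every hour; it is equivalent to 0 * * * *.
cron_schedule = 0 * * * *

# realtime_schedule = 0 selects continuous scheduling: if the scheduler falls behind,
# every missed run is still executed, so no hour is skipped.
# realtime_schedule = 1 selects real-time scheduling: the scheduler only runs the next
# instance relative to the current time and drops runs it is too late for.
realtime_schedule = 0

# Give the scheduler up to 10 minutes of slack to start the job when the host is busy.
schedule_window = 10

# A | rest generating search ignores the time picker, so these values are irrelevant here;
# for an event-based correlation search they define the window the search covers and
# should be set (for an hourly cron, something like -65m@m to -5m@m to allow for indexing lag).
dispatch.earliest_time = -65m@m
dispatch.latest_time = -5m@m

# List saved searches on this search head, keep only those with the ES correlation-search
# action enabled, and keep the ones whose title is not in the baseline lookup.
search = | rest /servicesNS/-/-/saved/searches splunk_server=local \
  | search action.correlationsearch.enabled=1 \
  | rename eai:acl.app AS app \
  | table title app updated \
  | lookup known_correlation_searches title OUTPUT title AS known \
  | where isnull(known)
```

Once the report has been reviewed, appending `| outputlookup known_correlation_searches append=true` to a manual run of the same search (or a separate search over the same REST output) refreshes the baseline so the next scheduled run only shows what was added since.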
Hello All,
I am very new to Splunk.
Can someone help me with this use case please:
I have to create a search which should take an IP coming from a data source A and take that IP go to a file g...
Hello,
I would like to request guidance on how to create a correlation search based on data provided by SANS Threat Intelligence from https://isc.sans.edu/block.txt
The malicious IPs f...
...ours I get results, however no notable events are created. Does the correlation search syntax need to be in a certain format to generate the notable event?
...nother including the ITSI correlation search, Dashboards, Lookup table, Entities etc.
3] Upon migration, can we upgrade ITSI to 4.7 and above on the new SHC?
I have these three different searches:
A search to display when users create a new user account
A search to display when users add a user account to a group
A search to display when u...