I am using Splunk ES and trying to match my IDS logs to the IntrusionDetection data model. I thought I did all preparatory steps required but when clicking in the ES app Search > Datasets &g...
Splunk is currently indexing the logs for all of my company's switches and routers. It's a mishmash of Dell and Cisco devices. Is there an application for Splunk ideal for alerting when rogue devices...
This is more of a question for my understanding...
In the examples section of CIM Add-on manual (for OSSEC) there is a statement that the IntrusionDetection data model requires the tags ids, a...
The current definition for this field is this:
| IDS_Attacks | user | string | The user involved with the intrusion detection event. |
My data source can generate multiple user names related to an intrusion...
I want to create a single value chart to illustrate total intrusion detection events, however, I want to limit the results to our IPS threat events and exclude our firewall threat events. Is this p...
I would like to borrow the wisdom of a Palo Alto-experienced person.
Which data model does Palo Alto's threat log (including URL Filtering) correspond to? "IntrusionDetection"?
...nfortunately the events do not appear to be tagged and aren't getting put into the CIM Data Model for Network Traffic or IntrusionDetection. Looking at the props.conf there are a number of entries for C...
Hi,
When I search all indexed data against the "IntrusionDetection" data model from the Search & Reporting app's context, Splunk can correctly identify data from Imperva and eStreamer both, based o...
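Two of the questions above (events not landing in the IntrusionDetection model, and a single-value count restricted to IPS events) come down to the same two checks: confirm which sourcetypes actually reach the `IDS_Attacks` dataset, then count only the ones you want. The searches below are an added example written for this page, not code from any of the posters or from Splunk's documentation. They assume the CIM data model id `Intrusion_Detection` with root dataset `IDS_Attacks` (the model's documented tags are `ids` and `attack`); the index name `ids` and the sourcetypes `example:ips` and `example:firewall` are hypothetical placeholders for your own.

```spl
/* 1. Which raw events carry the tags the model requires?
      Events that reach IDS_Attacks must be tagged both ids and attack.
      A sourcetype that shows up here with an empty or partial tag list
      is one whose eventtypes.conf/tags.conf are missing or not matching. */
index=ids sourcetype IN ("example:ips", "example:firewall")
| eval tags=mvjoin(tag, ",")
| stats count by sourcetype eventtype tags

/* 2. What has the data model itself picked up?
      The datamodel command runs the dataset's constraint search, so a
      sourcetype absent from this list is not reaching the model at all. */
| datamodel Intrusion_Detection IDS_Attacks search
| stats count by sourcetype

/* 3. Single value: IPS threat events only, firewall threat events excluded.
      sourcetype is an indexed field, so it can be filtered in the tstats
      where clause alongside model fields. summariesonly=false also counts
      events not yet accelerated; set it to true for dashboards once
      acceleration is healthy. */
| tstats summariesonly=false count
    from datamodel=Intrusion_Detection.IDS_Attacks
    where sourcetype="example:ips" IDS_Attacks.ids_type="network"
```

Search 3 is the one to drop into the single-value panel; searches 1 and 2 are diagnostics, and if a sourcetype appears in search 1 with both tags but not in search 2, check that the eventtype is being applied at search time (the `eventtype` column in search 1 makes that visible).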