Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
49 results
Sorted by:
06-06-2018
08:40 AM
I am using Splunk ES and trying to match my IDS logs to the Intrusion Detection data model. I thought I did all preparatory steps required but when clicking in the ES app Search > Datasets &g...
05-09-2016
08:16 AM
08-10-2010
02:09 AM
Splunk is currently indexing the logs for all of my companies switches and routers. It's a mishmash of Dell and Cisco devices. Is there an application for Splunk ideal for alerting when rogue devices...
- Tags:
- intrusion
- monitoring
06-16-2016
01:25 PM
1 Karma
This is more of question for my understanding...
In the examples section of CIM Add-on manual (for OSSEC) there is a statement that the Intrusion Detection data model requires the tags ids, a...
01-31-2016
05:21 PM
The current definition for this field is this:
IDS_Attacks| user | string | The user involved with the intrusion detection event.
My data source can generate multiple user names related to an intrusion...
08-28-2015
12:08 PM
I want to create a single value chart to illustrate total intrusion detection events, however, I want to limit the results to our IPS threat events and exclude our firewall threat events. Is this p...
07-30-2019
12:24 PM
In ES, the constraint for Intrusion Detection is ( cim_Intrusion_Detection_indexes ) tag=ids tag=attack.
What is the tag=ids part?
03-19-2019
10:02 PM
I would like to borrow the wisdom of the Palo Alto experienced person.
Which data model does PaloAlto's threat (including URL Filtering) correspond to? "Intrusion Detection"?
10-10-2019
06:57 AM
1 Karma
...nfortunately the events do not appear to be tag and aren't getting put into the CIM Data Model for Network Traffic or Intrusion Detection. Looking at the props.conf there are a number of entries for C...
02-09-2017
05:33 AM
Hi,
When I search all indexed data against "Intrusion Detection" data model from Search & reporting app's context, Splunk can correctly identify data from Imperva and eStreamer both, based o...
