Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
57 results
Sorted by:
05-24-2019
07:53 AM
...t JSON
TRANSFORMS-stripSyslog = FEYE-syslog-header-strip
FIELDALIAS-category_for_fireeye = alert.name as category
FIELDALIAS-id_for_fireeye = alert.id as id
FIELDALIAS-signature_for_fireeye = a...
07-19-2020
07:05 PM
...o longer exists: /var/log/syslog 2) Antivirus Database update logs: Wed May 27 23:46:53 2020 -> daily database available for download (remote version: 00000) 3) Linux Kernal L...
Labels
- Labels:
-
investigation
10-14-2020
11:36 AM
If you have issues where the Sophos sourcetype is not extracting the source webserver & malware signature from web activity events, add this line to pull those events. I couldn't find a s...
- Tags:
- sophos
Labels
- Labels:
-
configuration
03-19-2019
03:15 AM
It corresponds to CIM, but there is a model that I do not understand well.
What is the CIM Malware Operation? Can you explain in detail?
04-11-2016
07:45 AM
We are currently running version 2.1.1 of the Splunk Add-on for Symantec Endpoint Protection on Splunk 6.2.3. I have set up the app to automatically update the malware category lookup table with t...
10-26-2015
11:42 AM
I have the Splunk_TA-symantec-ep installed on both of our Search Heads. Although I had enabled automatic update of the malware categories, I checked the timestamp of the lookup files, and they h...
12-12-2013
10:30 AM
1 Karma
I followed the instructions to deploy "Splunk for Symantec" http://apps.splunk.com/app/1365/ version 1.0.3 app but some of the dashboards don't populate.
How do I fix this quickly at my site until...
- Tags:
- Splunk for Symantec
06-30-2019
01:21 AM
Maily I have three sourcetypes
sourcetype=Officescan ( workstation logs( signature update, malware etc)
sourcetype = deepsecurity ( servers, malware logs)
sourcetype = trendmicro ( T...
11-25-2020
12:30 PM
...orrelation rule is "Host With A Recurring Malware Infection ($signature$ On $dest$)" and I use: `notable`
| search event_hash=$event_hash$
| eval comments="$rule_title$"
| snowincidentalert what e...
Labels
- Labels:
-
notable event
02-02-2016
03:19 AM
...ashboard and for that I need to have all sorts of signature values from different data models (Vulnerabilities, Malware, Intrusion_Detection) in just one column to plot that chart.
Please tell me h...
- Tags:
- data-model
- search
