If you have issues where the Sophos sourcetype is not extracting the source webserver & malwaresignature from web activity events, add this line to pull those events. I couldn't find a s...
We are currently running version 2.1.1 of the Splunk Add-on for Symantec Endpoint Protection on Splunk 6.2.3. I have set up the app to automatically update the malware category lookup table with t...
I have the Splunk_TA-symantec-ep installed on both of our Search Heads. Although I had enabled automatic update of the malware categories, I checked the timestamp of the lookup files, and they h...
I followed the instructions to deploy "Splunk for Symantec" http://apps.splunk.com/app/1365/ version 1.0.3 app but some of the dashboards don't populate.
How do I fix this quickly at my site until...
...orrelation rule is "Host With A Recurring Malware Infection ($signature$ On $dest$)" and I use: `notable`
| search event_hash=$event_hash$
| eval comments="$rule_title$"
| snowincidentalert what e...
...ashboard and for that I need to have all sorts of signature values from different data models (Vulnerabilities, Malware, Intrusion_Detection) in just one column to plot that chart.
Please tell me h...