...ver 300 suppressions. I can view suppressions under Settings --> Eventtypes in the Web UI, see them in SA-ThreatIntelligence/local/eventtypes.conf, and can see that they're being applied where a...
We have a lot of indicators in our Splunk Incident Review queue, and I am having a challenging time with Splunk Enterprise Security Suppression, and it's driving me nuts. It's been about a year and I...
None of the eventtypes in eventtypes.conf under \Splunk\etc\apps\Splunk_for_ActiveDirectory\default\ work in search. For example, if I search for "eventtype=wineventlog-security" I get "Unable to f...
I'm a Splunk administrator, not a Windows administrator, so my Windows knowledge is limited. Nonetheless, many teams can benefit from having Windows Event Log data in Splunk. What are the best p...
...s disabled.
Extra info: I'm in a distributed Splunk environment. However, I'm not using indexer clustering.
Grepped eventtypes:
./apps/splunk_app_windows_infrastructure/default/eventtypes...
...I believe I have found a bug in Splunk in eventtypes you can create via the GUI
Steps to reproduce:
- Go to Settings > Eventtypes
- Create a New eventtype
- Give it a name with a s...
I wanted to use the metadata command to monitor the last time an IDS sensor fed in our index. Because we are using FireSIGHT and therefore eStreamer, everything feeds in a single host and the source i...
...inux_collectd_cpu to the two source types, so this gives rise to a first question: Will Splunk_TA_linux's eventtypes.conf need tweaking?
Assuming I set the forwarder to monitoring /var/c...
I have installed the Palo Alto App and add-on, and I have also pointed a firewall to Splunk.
I can see traffic, threat logs, etc. under search but cannot see anything in the App.
sourcetype is b...