Hi, I am trying to install the latest version of baremetal UBA on RHEL 7.8. I have followed the requirements and steps mentioned in Splunk docs. When I ran the pre check script, I noticed the f...
Hello, I'm just having a bit of difficulty differentiating between Splunk Enterprise, ITSI, SOAR, UBA, and Enterprise Security. It seems like they all do similar things. Do they a...
Hello Splunkers!!
As per my below query I am not getting group & error_description fields from the query. Please advise what needs to be modified in the last line of the query to get the r...
...he values.
I created a query in the calculated fields that should translate all the values in the Action field to the strings allowed and blocked as supposed to be in the Network Traffic Data Model....
My app contains the index.conf which declares the index that is installed on the heavy forwarder and it is not installed on the indexer. The problem is that data does not land on the indexer...
We have all of our Windows Events from our domain controllers going into UBA with a CIM Compliant Splunk Direct data source; however, it is saying we are missing AD data. What is the requirement for A...
...0","details":"Error from /uba/help/\nconnect ECONNREFUSED 34.213.241.61:80"}
From what I can tell the 34.213.241.61 address belongs to a Splunk DNS resolver, but I cannot find anywhere in the Splunk...
...2 * * * Time Range: Last 12 hours Schedule Priority : Default Schedule Window : 5 minutes In my local time it runs between 9:30 AM - 10:30 AM and 9:30 PM - 10:30 PM. But, Between those (say between 9...
Trying to set a token where system_id shows ABC1, ABC1-a, ABC10, ABC10-a and so on. When I set the token for that system_id as ABC1* to return all the ABC1 and ABC1-a and so on, it also retu...