In Enterprise Security, the Threat Intelligence Audit dashboard is not displaying properly.
The _time and run_duration fields are incorrectly displayed when the user is in +GMT.
This is due t...
Hello there, I have Splunk Enterprise installed and one of my clients has asked me to implement threat intelligence. When searching I have found several apps but I would like you to i...
Hello! I am experiencing troubles with analyzing Threat Intelligence data in Enterprise Security. When I go to Security Intelligence -> Threat Intelligence -> Threat Activity, here is Threat...
...opulating on Threat Intelligence > Threat Artifacts dashboard. However, the description field is not displaying anywhere on the dashboard.
The Reason to do this: If multiple apps are i...
...ile=threat_intelligence_manager.py:process_files:558 | status="Exception when processing file." filename=filenames.csv" message="Parser does not extract a field that can be mapped to a threatintelligence...
...isible anymore.
For example, inside Enterprise Security under Security Intelligence, you will see “Risk Analysis”,
“Protocol Intelligence”, “Threat Intelligence”, “User Intelligence” and “Web Intelligence...
Hi All,
I have enabled threat feed into my Splunk Enterprise Security app and the data was working fine until a few days back when we disabled the acceleration of one of the data models. Since t...
We are running Splunk ES and trying to make log search and app interfaces for each company. Let's call them CompanyA, CompanyB and CompanyC. Each company has to see its own data an...
...ndicators as well.
I have followed steps provided in the below link, although I am successful in writing the indicators to threat intelligence dashboard, still the above mentioned problems of threat i...
When we first got Splunk ES, one of my colleagues decided to try adding in IOCs from the Mandiant APT1 report. These were added to the path:
/opt/splunk/etc/apps/DA-ESS-ThreatIntelligence/d...