I have the InfoSec App installed, but I'm having trouble having the app read some of my data sources.
I’m sending data from a Cisco ASA by listening on a TCP port.
I’m sending security event log info from Active Directory via Remote event log connection in Data inputs.
They are both in separate indexes.
The data from both sources is searchable in Search and Reporting, and I can also see the ASA data in the Firegen Cisco App.
In the InfoSec app, I'm able to see some hits under Continuous Monitoring > Windows Access Changes > Privilege Escalations. However, I don't see any hits for the rest of the counters (Successful/Failed Authentications).
The installation is a single Splunk instance.