Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About GOB_Bluth
GOB_Bluth
Explorer
Member since:
01-28-2019
11-19-2020
Community Statistics
| Posts | 14 |
| Solutions | 0 |
| Karma Given | 2 |
| Karma Received | 0 |
| Member Since | 01-28-2019 |
Activity Feed
- Posted TrackMe table does not display on All Apps and Add-ons. 11-19-2020 07:06 AM
- Tagged TrackMe table does not display on All Apps and Add-ons. 11-19-2020 07:06 AM
- Posted TrackMe: How to add sourcetypes programatically to AllowList/Block list? on Monitoring Splunk. 09-21-2020 08:29 AM
- Tagged TrackMe: How to add sourcetypes programatically to AllowList/Block list? on Monitoring Splunk. 09-21-2020 08:29 AM
- Karma Re: ES -> Adaptive Response -> Phantom Playbook -> event_id? for ansusabu. 06-05-2020 12:50 AM
- Karma Custom DBConnect to get McAfee EPO inventory info for kyleburk. 06-05-2020 12:49 AM
- Posted Re: Is CCURE add-on compatible with CCURE 9000 on Splunk Enterprise Security. 03-19-2020 12:55 PM
- Posted Re: ES -> Adaptive Response -> Phantom Playbook -> event_id? on Splunk SOAR. 12-23-2019 07:15 AM
- Posted Re: ES -> Adaptive Response -> Phantom Playbook -> event_id? on Splunk SOAR. 12-23-2019 07:15 AM
- Posted Re: ES -> Adaptive Response -> Phantom Playbook -> event_id? on Splunk SOAR. 12-20-2019 06:19 AM
- Posted Re: ES -> Adaptive Response -> Phantom Playbook -> event_id? on Splunk SOAR. 12-19-2019 01:12 PM
- Posted ES -> Adaptive Response -> Phantom Playbook -> event_id? on Splunk SOAR. 12-19-2019 01:03 PM
- Tagged ES -> Adaptive Response -> Phantom Playbook -> event_id? on Splunk SOAR. 12-19-2019 01:03 PM
- Tagged ES -> Adaptive Response -> Phantom Playbook -> event_id? on Splunk SOAR. 12-19-2019 01:03 PM
- Tagged ES -> Adaptive Response -> Phantom Playbook -> event_id? on Splunk SOAR. 12-19-2019 01:03 PM
- Posted Re: Topology Visualization : Message Format on All Apps and Add-ons. 08-22-2019 01:47 PM
- Posted $info_min_time$ is insufficient when using drill down from incident review on Splunk Enterprise Security. 08-12-2019 01:16 PM
- Tagged $info_min_time$ is insufficient when using drill down from incident review on Splunk Enterprise Security. 08-12-2019 01:16 PM
- Tagged $info_min_time$ is insufficient when using drill down from incident review on Splunk Enterprise Security. 08-12-2019 01:16 PM
- Posted Re: Custom DBConnect to get McAfee EPO inventory info on All Apps and Add-ons. 03-27-2019 07:59 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-19-2020
07:06 AM
The search job completes however the table panel never displays on the main page under 'Data Tracking' Any ideas where to look??
... View more
- Tags:
- TrackMe
Labels
- Labels:
-
troubleshooting
09-21-2020
08:29 AM
I would like the results of a search to populate the allow/block lists in TrackeMe. The lookup file requires a unique key.
Any tips on how to generate that at search time?
... View more
Labels
03-19-2020
12:55 PM
I'm also interested in the query if anyone has something to start with.
... View more
12-23-2019
07:15 AM
The notable macro doesn't work when it's being called by an adaptive response action.
... View more
12-23-2019
07:15 AM
Very cool solution, thank you for sharing.
... View more
12-20-2019
06:19 AM
Thank you, Can you expand on 'changed the CIM' ?
... View more
12-19-2019
01:12 PM
Thank you phantom_mike, i'm going down that road.
... View more
12-19-2019
01:03 PM
I need my Phantom playbook to be able to close a Splunk ES notable event when it's completed, this requires the event_id field which is not included in the artifact when using the adaptive response.
Has anyone found a clever solution?
This is possible when using the Phantom app for Splunk, however we need to pivot and start using the AR
... View more
Labels
- Labels:
-
configuration
-
development
08-22-2019
01:47 PM
Has anyone been able to use drill down effectively with this package? The drill down provided in the example does not work.
... View more
08-12-2019
01:16 PM
If I adjust -1h to my earliest time, I locate the event targeted by the drill down. Is there a best minimal invasive way to the offset for a drill down?
... View more
03-27-2019
07:59 AM
This is helpful, thank you.
Curiously when I run this against epo 5.1 most of the records do not contain vse_dat_version fields which is what I really need.
Any ideas?
... View more
01-30-2019
11:45 AM
This sounds like a very plausible idea. It looks like ES provides a rest endpoint to do something similar.
I would like to suggest this be added to product road map for future updates, soc environments are challenging and dynamic with a variety of staff and skill levels. ES needs to do better to meet these challenges. Currently we are just picking things out of a queue which is kind of silly.
... View more
01-30-2019
11:44 AM
thank you
... View more
01-28-2019
01:58 PM
We would like to dynamically assign an owner of a notable event?
Our soc would like to round robin the incoming events, does anyone know of a way to do this or
... View more
