Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About kprior201_lilly
kprior201_lilly
Path Finder
Member since:
05-20-2019
04-26-2024
Community Statistics
| Posts | 20 |
| Solutions | 0 |
| Karma Given | 12 |
| Karma Received | 0 |
| Member Since | 05-20-2019 |
Activity Feed
- Posted Re: SOAR Could not update record due to ValidationError on Splunk Enterprise Security. 07-15-2022 10:11 AM
- Karma SOAR Could not update record due to ValidationError for sitthiporns. 07-15-2022 10:10 AM
- Karma How can we ensure that the HTTP Event Collector works correctly? for danielbb. 04-01-2022 09:40 AM
- Posted Help understanding Splunk SOAR connectivity to indexers on Splunk SOAR. 04-01-2022 09:35 AM
- Tagged Help understanding Splunk SOAR connectivity to indexers on Splunk SOAR. 04-01-2022 09:35 AM
- Tagged Help understanding Splunk SOAR connectivity to indexers on Splunk SOAR. 04-01-2022 09:35 AM
- Karma Re: Why is syslog-ng dropping events sent to SC4S's destination d_hec_fmt? for gf13579. 02-25-2022 12:51 PM
- Posted Re: SC4S on Centos8 VM in Google Cloud - Couldn\'t connect to server error on Getting Data In. 02-25-2022 12:49 PM
- Posted Re: Duplicate Events Forwarded to Phantom on All Apps and Add-ons. 08-16-2021 04:33 AM
- Karma Duplicate Events Forwarded to Phantom for erika_horton. 08-16-2021 04:33 AM
- Karma Infoblox CIM unknown fields for mmoermans. 05-27-2021 10:49 AM
- Posted Re: Splunk Security Essentials mitre_overview Not Loading Correctly on All Apps and Add-ons. 05-27-2021 05:19 AM
- Posted Re: Splunk Security Essentials mitre_overview Not Loading Correctly on All Apps and Add-ons. 05-25-2021 08:22 AM
- Posted Splunk Security Essentials mitre_overview Not Loading Correctly on All Apps and Add-ons. 05-24-2021 01:31 PM
- Tagged Splunk Security Essentials mitre_overview Not Loading Correctly on All Apps and Add-ons. 05-24-2021 01:31 PM
- Tagged Splunk Security Essentials mitre_overview Not Loading Correctly on All Apps and Add-ons. 05-24-2021 01:31 PM
- Tagged Splunk Security Essentials mitre_overview Not Loading Correctly on All Apps and Add-ons. 05-24-2021 01:31 PM
- Tagged Splunk Security Essentials mitre_overview Not Loading Correctly on All Apps and Add-ons. 05-24-2021 01:31 PM
- Karma splunk security Essentials for astatrial. 05-24-2021 01:18 PM
- Karma Re: How can I execute two Netwitness query sentence at the same time? how to configure this? for rataide. 06-05-2020 12:50 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
07-15-2022
10:11 AM
Did you ever find a solution for this? Seeing this in our environment as well.
... View more
04-01-2022
09:35 AM
I would like to understand how Splunk SOAR sends data to the indexer endpoints that are configured under Administration -> Search Settings -> Indexers. I would like to send data to two different HEC endpoints (two different Splunk instances), but I'm not sure if Splunk SOAR treats multiple indexers as something to load balance or multiple things to send all data to. I attempted to use _TCP_Routing on one of the HEC endpoints to take care of this issue, but it doesn't seem to work right so I figured I'd go back to the source. Anyway, if anyone knows how that works, I'd appreciate the insight! Thanks.
... View more
- Tags:
- indexer
- integration
Labels
02-25-2022
12:49 PM
Hello! Did you ever figure out what was causing this?
... View more
08-16-2021
04:33 AM
As a heads up: they are tracking this as a bug. I had a support ticket open for the same issue after an upgrade.
... View more
05-27-2021
05:19 AM
It's version 3.3.3; the screenshot is attached to the original post. It doesn't give an error at all, it just doesn't display the matrix. When I look at the Job Inspector, there aren't any errors, either.
... View more
05-25-2021
08:22 AM
I just poked around in that screen, but it doesn't seem to be what I'm looking for. Previously, the MITRE matrix loaded just fine; I have content enabled that should reflect here. The rest of the page loads as well; it's just the one matrix that isn't working.
... View more
05-24-2021
01:31 PM
I just upgraded my Splunk Security Essentials app from 3.1.1 to 3.3.3. I'm running Splunk Enterprise 8.1.4. When I access the Analytics Advisor / MITRE ATT&CK Framework page, the MITRE ATT&CK Matrix just refuses to load. Has anyone encountered this, and do you have any troubleshooting suggestions?
... View more
05-06-2020
06:44 AM
I have a support ticket open about this, and below is the latest update. Basically, there is a discrepancy between the way tstats works with the different combinations of events/search definitions in data models. Splunk has a JIRA ticket open to address this discrepancy, but no resolution is defined as of yet.
"As we discuss with my colleague as well the tstats searches against accelerated DMs relying on a Root Search Dataset, but part of a Mixed Model (which means that it contains at least also one Root Event Dataset will always fail regardless if the constraint search is or is NOT a streaming search, as this is currently not supported.
Basically this is what happens on our case and the SPL ticket states.
Here is the SPL ticket in case you want to verify SPL-167885.
As we saw other option to add using in the search are using the "| datamodel" or the "| from" command.
https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/Datamodel
https://docs.splunk.com/Documentation/Splunk/8.0.3/SearchReference/From "
... View more
04-23-2020
11:27 AM
So, I've noticed that this does not work for the Endpoint datamodel. For Endpoint, it has to be datamodel=Endpoint. without a nodename. It seems to be the only datamodel that this is occurring for at this time. Is this an issue that you've come across?
... View more
03-04-2020
08:43 AM
Only the file/folder sourcetypes allow for the 'location' field to be populated, though, and that's what we're trying to get. Thank you for the information you've gotten thus far!
... View more
03-02-2020
10:29 AM
Negative; I have a support case still open about it. I'll update as I get useful information.
... View more
01-23-2020
09:52 AM
We have the Box integration set up on a HFW, and we have proper permissions set up on the Box side. The integration user has the following co-admin rights:
- Manage users
- Manage groups
- View users content
- Edit users content (for testing)
- Log in to users accounts (for testing)
- View settings / apps for your company
- Edit settings and apps for your company
- Run new reports and access existing reports
- View policies set up for your company
- Create, edit, and delete policies for your company (for testing)
- View automations set up for your company
- Create, edit, and delete automations for your company (for testing)
- Create and edit metadata templates for your company (for testing)
However, the file/folder sourcetypes are only pulling data for the integration user. All other sourcetypes pull through with everyone's data just fine. Anyone have any ideas as to why that might be? Thanks.
... View more
01-07-2020
07:54 AM
Okay; if you leave the folder/file fields empty, I was assuming it would just pull ALL of the fields. I'll add the path_collection to them and see if it makes a difference.
Thank you.
... View more
01-02-2020
12:25 PM
In the release notes for 2.1.0 Splunk Add-On for Box, it mentions "Ability to enable viewing of the entire parent structure of an asset.". I've yet to see this in any events. I've enabled all of data collection capable that is specified in the inputs.conf.spec. I'm not really sure what I'm missing. Anyone have any ideas? It would be incredibly useful to have the entire parent path.
Thanks!
... View more
06-25-2019
01:04 PM
I did try to configure via UI, but I've reverted to the hard coding for testing at least. I saw in a different post that there may be a SSO issue, so I figured I'd start there.
The query I'm using is exactly the one you mentioned above just so I can verify functionality. I'm trying to work around the issue by creating the filter within Netwitness itself for the time being, but it's not cooperating either (of course). haha.
... View more
06-25-2019
10:06 AM
When using the search app for RSA Netwitness, I receive the following errors.
However, when I use the non-search version of the app, I have no issues with authentication.
The credentials and environments are exactly the same otherwise. I've tried using the PassAuth and configuration file authentication options, but I get the same results regardless. Any advice?
ERROR: Check settings in nwsdk_query.conf.
ERROR: Couldn't read authentication details PassAuth or from nwsdk_query.conf.
... View more
05-21-2019
10:19 AM
I have, indeed. I'm kind of hoping it's a credential issue on the Box side, but there's not a lot to support that yet. Still looking into it.
... View more
05-20-2019
09:53 AM
I'm actually getting the same errors. While I'm getting basic events, I'm not getting the folder, group, or user events. Any ideas?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
04-26-2024
09:02 AM
|
Karma given to
