Activity Feed
- Posted Re: Windows Security events: XML vs. non-XML format on Dashboards & Visualizations. 02-18-2018 06:05 AM
- Posted Re: Windows Security events: XML vs. non-XML format on Dashboards & Visualizations. 02-17-2018 11:12 AM
- Posted Re: Blue Coat Field extractor name=custom_client_events is unusually slow on All Apps and Add-ons. 09-19-2017 07:36 AM
02-18-2018 06:05 AM
That is an interesting detection. In day-to-day use, XML events have more issues with extracting CIM fields like src, user, dest app, which can hamper more common detections.
02-17-2018 11:12 AM
Standard mode is generally preferred for security use cases.
09-19-2017 07:36 AM
Another solution I've been working on is a bit more efficient than CEF-like formatting and allows for use of an actual syslog server. The updated TA is published here: https://bitbucket.org/SPLServices/splunk_ta_bluecoat_proxysg/