cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
roden
Loves-to-Learn Lots
Member since: ‎06-11-2020
‎01-15-2021
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎06-11-2020
Topics I've Started
No posts to display.
View All

Re: splunk validate cluster-bundle throws error "i...

by in Splunk Dev
‎09-06-2020 05:31 PM
‎09-06-2020 05:31 PM
Per the link you provided, useClientSSLCompression is part of the [tcpout] stanza, not the [SSL] stanza: https://docs.splunk.com/Documentation/Splunk/6.6.2/Security/ConfigureSplunkforwardingtousesignedcertificates#Configure_your_indexer_to_use_a_signed_certificates ... View more

Re: Can we update splunk drill now URL in alert ac...

by in All Apps and Add-ons
‎09-01-2020 08:19 PM
‎09-01-2020 08:19 PM
TA-ServiceNow-SecOps/bin/sn_sec_util.py contains the Python code that sets dataMap['external_url'] to "https://<host>:8000/app/search/search" if the  external_url value is not set in the dataMap. You could back up this file and hard-code the IP in place of the host, and update the port as required. You could also add this field (or others) via the GUI by modifying TA-ServiceNow-SecOps/default/data/ui/alerts/sn_sec_event_alert.html (and others), specifying a control-group div, and adding the relevant label, controls div, input field and optional help-block span element. Some additional modification may be required to have the external_url field value processed correctly by the associated script(s). ... View more

Re: Manual search commands

by in All Apps and Add-ons
‎09-01-2020 05:19 PM
‎09-01-2020 05:19 PM
Reference documentation available at https://docs.servicenow.com/bundle/kingston-security-management/page/product/secops-integration-splunk-addon/concept/manual-search-commands.html#security-incident The command needs to be at the beginning of your search, preceded by a pipe character. E.g. | snsecevent node TESTnode type TESTtype resource TESTresource You can see the workflow action in Splunk under Fields -> Workflow actions, which shows the equivalent search using placeholders. Are you able to use the | snowevent or | snowincident commands in the ServiceNow add-on? Reference: https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Commandsandscripts Finally, if you have access, you could try script execution of the TA_ServiceNow_SecOps/bin/sn_sec_event.py per the commands.conf mapping. The relevant parameters are passed into a datamap[] and then to the SNOW REST API NB: sn_sec_event_alert.py maps to the actions specified in the alert_actions.conf file, which aligns with the GUI fields in the Security Operations Integration add-on. Hope that helps. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-15-2021 12:51 PM