cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Suirand1
Explorer
Member since: ‎07-28-2020
‎09-22-2021
Community Statistics
Posts 9
Solutions 0
Karma Given 4
Karma Received 2
Member Since ‎07-28-2020
Activity Feed
View All

Re: Upload Threat Intelligence not working

by in Splunk Enterprise Security
‎09-19-2021 11:31 PM
‎09-19-2021 11:31 PM
I am in the same situation. Endpoint filesystem datamodel has file_hash and file_name values. I do see those values uploaded to Threat artifacts dashboard succesfully. However threatintell is not hitting it for some reason. Any help would be apreciated. ... View more

Re: Why is "Threat file_intel" not capturing hash ...

by in Splunk Enterprise Security
‎09-17-2021 06:38 AM
1 Karma
‎09-17-2021 06:38 AM
1 Karma
I am in the same situation. Endpoint filesystem datamodel has file_hash and file_name values. I do see those values uploaded to Threat artifacts dashboard succesfully. However threatintell is not hitting it for some reason. Any help would be apreciated. ... View more

Re: 500 Internal Server Error when I click "Manage...

by in All Apps and Add-ons
‎03-19-2021 05:21 AM
‎03-19-2021 05:21 AM
I am having the same problem too ... View more

Re: Security Essentials CIM Compliance Check error

by in All Apps and Add-ons
‎03-02-2021 03:52 AM
‎03-02-2021 03:52 AM
I am having the same situation with the same error message. ... View more

Re: Fortinet Fortigate App for Splunk Empty Dashbo...

by in All Apps and Add-ons
‎02-05-2021 01:58 AM
‎02-05-2021 01:58 AM
I installed Add-on installed FortigateAPP for splunk. Enabled data model acceleration. "Traffic dashboard" is showing results, however Overview dashboard is empty. Most of the macros searches is not returning any results. I am ingesting fortigate logs via SC4S, by default they goes to "netfw" - index, SC4S-source, fgt_traffic -sourcetype.  I also added local/props.conf for Add-on : [fortinet] TRANSFORMS-force_sourcetype_fgt = force_sourcetype_fgt_traffic,force_sourcetype_fgt_utm,force_sourcetype_fgt_event SHOULD_LINEMERGE = false Any ideas why macros are failing?  ... View more

Re: Windows Process Name inputs.conf Blacklisting ...

by in All Apps and Add-ons
‎01-25-2021 06:52 AM
‎01-25-2021 06:52 AM
Without creating new topic I will ask here. SSE Docs provides example of "inputs.conf " on onboarding windows logs with a failing regex line which gets discarded by splunkd : "blacklist3 = EventCode="4688" Message="New Process Name: (?i)(?:[C-F]:\Program Files\Splunk(?:UniversalForwarder)?\bin\(?:btool|splunkd|splunk|splunk-(?:MonitorNoHandle|admon|netmon|perfmon|powershell|regmon|winevtlog|winhostinfo|winprintmon|wmi)).exe)"" Could somebody provide some fix for this, and correct an error in the DOCS.? ... View more

Re: Getting mutiple issues when enabling ssl on Sp...

by in Splunk Enterprise Security
‎01-14-2021 04:40 AM
‎01-14-2021 04:40 AM
I suppose you wanted to say in "server.conf" instead of "web.conf". I do get these errors even after configurig sslRootCAPath  in server.conf ... View more

Re: SSE v3.1.2 CIM compliance check returns only 2...

by in All Apps and Add-ons
‎07-28-2020 11:06 PM
‎07-28-2020 11:06 PM
Indexer and search head is the same VM.  Common Information Model app along with SA-cim_vladiator are installed.  Do not know how to debug. Is there any additional configuration needed for my setup and SSE app? P.S. I have noticed in DATA Inventory dashboard that my products "Status" do not get "Completed".  It allways stays in "Analyzing CIM and Event Size" status. ... View more

SSE v3.1.2 CIM compliance check returns only 2 com...

by in All Apps and Add-ons
‎07-28-2020 07:46 AM
‎07-28-2020 07:46 AM
I am very new to Splunk. Using Universal forwarder I send windows application, security, system, sysmon logs to SSE app. I followed SSE provided all data onboarding guides for indexes , sources, sourcetypes configuration. I successfully run automated introspection in data inventory dashboard. However when i run CIM Compliance Check I get only 2 compliant fields for Microsoft products. SPL searches also fail since I am missing some fieldnames which are provided in Security content. I have TA-windows and TA-sysmon installed in UF and Searched. Logs gets parsed as XML data by these TA If I understand correctly I am missing some CIM datamodel. Could you explain where to find and how to apply the right CIM data model for this app. ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎09-22-2021 01:44 PM
Karma from
View All
Karma given to
View All