×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
torstein1
Explorer
Member since: ‎08-16-2022
‎12-11-2025
Community Statistics
Posts 4
Solutions 1
Karma Given 0
Karma Received 10
Member Since ‎08-16-2022
Activity Feed
View All

Threat Intelligence Management - Wrong threat matc...

by in Splunk Enterprise Security
‎02-27-2023 11:19 PM
2 Karma
‎02-27-2023 11:19 PM
2 Karma
Hi, I have looked at Threat match "src" under Threat Intelligence Manager. In the configuration the datamodel DNS Resolution is enabled and the match field is DNS.query. However, in the generated SPL i find these to lines:   | eval "threat_match_field"=if(isnull('threat_match_field'),"src",'threat_match_field') | eval "threat_match_value"=if(isnull('threat_match_value'),'DNS.query','threat_match_value')   This will change the threat_match_field to src, but I would have thought it should be "query"? And this will make a wrong description in the Threat Activity use case when the fields are populated. Is this a fault, have anyone else noticed this? ... View more

Re: Risk based alerting - Contributing Risk Event...

by in Splunk Enterprise Security
‎10-04-2022 05:00 AM
1 Karma
‎10-04-2022 05:00 AM
1 Karma
Temporary Solution: Try setting static values to the following parameters: action.notable.param.drilldown_earliest_offset action.notable.param.drilldown_latest_offset. By doing this it was possible to click the "View contributing events" link. ... View more

Re: Risk based alerting - Contributing Risk Event...

by in Splunk Enterprise Security
‎09-26-2022 06:18 AM
1 Karma
‎09-26-2022 06:18 AM
1 Karma
The drilldown button is mentioned in step 7 in this article: Triage notables on Incident Review in Splunk Enterprise Security - Splunk Documentation ... View more

Risk based alerting - Contributing Risk Events Dr...

by in Splunk Enterprise Security
‎09-26-2022 05:56 AM
5 Karma
‎09-26-2022 05:56 AM
5 Karma
Hi, I have problems with the drilldown button in the "Risk Event Timeline" view for an Risk Notable. When expanding Risk rules in the "Risk Event Timeline" view, you can click on a drilldown field named "Contributing events: View contribting events". This button is disabled with the following message: "View contributing events" link is disabled as there is no drilldown search available for this risk rule. The Risk rule is configured as a notable and has a drilldown search.  Does anybody know how to enabled the drilldownsearch in the "Risk Event Timeline" view   ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-11-2025 12:24 AM