×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Cayplos
Engager
Member since: ‎11-30-2022
‎12-15-2022
Community Statistics
Posts 1
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎11-30-2022
View All

Threat_Intelligence.Threat_Activity- How can I con...

by in Splunk Enterprise Security
‎11-30-2022 05:19 AM
‎11-30-2022 05:19 AM
Hi, I use Splunk Enterprise Security with Threat Intelligence framework. Splunk creates many notables 'Threat Activity Detected' but I'd like to add/remove/edit source types. I have only events with field "orig_sourcetype="apache:access" now. For example I tried add events from firewalls and compare source with suspicious IPs. How can I configure these fields "orig_sourcetype" in Threat Intelligence data model ? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎12-15-2022 10:45 AM
Karma given to
View All