×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
cyber_geek
Loves-to-Learn
Member since: ‎05-17-2024
‎01-23-2025
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎05-17-2024
View All

Re: Any use cases for darktrace

by in Splunk Enterprise Security
‎10-30-2024 11:43 AM
‎10-30-2024 11:43 AM
Hi, I'm struggling to get our security tools alerts (eg., Darktrace, Palo alto) to ES in notable events wherein our security analysts can go in look for all alerts and have a view of single pan of glass. Could you please assist me how you configured a correlation search to create notables when Darktrace alerts logged into Splunk? Many thanks in advance! ... View more

Error after MISP feed integration with Splunk Add-...

by in Splunk Enterprise
‎05-17-2024 08:19 AM
‎05-17-2024 08:19 AM
I've lately installed MISP add-on app from Splunk to integrate our MISP environment feed to Splunk app using the URL and the Auth API.  That being said, I was able to configure it with details required in MISP add-on app. However, after the configuration, I'm getting the following error: (Restricting results of the "rest" operator to the local instance because you do not have the "dispatch_rest_to_indexers" capability). Furthermore, by looking into the role capabilities under Splunk UI setting, I dont see "dispatch_rest_to_indexers" role either. Could someone please assist? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎01-23-2025 05:56 PM