×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
noiiaz
Explorer
Member since: ‎02-12-2025
‎02-19-2025
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎02-12-2025
View All

Re: Monitoring Sync Status between MISP42 and ES i...

by in Splunk Enterprise Security
‎02-19-2025 06:28 AM
‎02-19-2025 06:28 AM
Hi @livehybrid,   I've come to find out that monitoring the search itself is all I was able to find in the logs. I cannot seem to find a trace of an API sync or an API pull. I'm sure it exists, but I can't find anything in the  _internal index related to it. Looking in there was also what was suggested by our technical representative.   I'll mark the monitor the sync as the solution as an alternative 🙂   Thanks! ... View more

Re: Monitoring Sync Status between MISP42 and ES i...

by in Splunk Enterprise Security
‎02-12-2025 07:39 AM
‎02-12-2025 07:39 AM
Hi @livehybrid,   I think that is a good place to start. I am going to tinker with that and report back. I have also challenged our success engineer at Splunk for any input, so I will report back with those findings too.   Have a great day! Antoine ... View more

Monitoring Sync Status between MISP42 and ES insta...

by in Splunk Enterprise Security
‎02-12-2025 06:49 AM
‎02-12-2025 06:49 AM
Hi guys,   I am looking to build a query/dashboard that would monitor the status of the connection of the splunk API to the MISP42 instance.   I am unsure how to go about this, I can't find anything interesting in _internal index to fetch or look at or a heartbeat that would indicate a successful handshake.   To my understanding, a search is ran every X days (we set it up once a day) to write the data we have in our MISP instance to lookups. Those different lookups are then used for Threat Intelligence and is mapped.   Maybe I should monitor the search to see if it did not write any updates? I am trying to get notified or a query that would let me know there is an issue with the feed.   Thanks, ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎02-19-2025 01:03 PM
Karma given to
View All