Hello family, here is a concern I am experiencing: I have correlation searches that are activated or enable, and to verify that they are receiving CIM-compliant data that are required to make it work, when I search their name one-by-one on a Splunk Enterprise Security dashboard pane to make sure the dashboard populates properly, nothing comes out. But when I run the query of this correlation searches on the Search and Reporting pane of Splunk, I will see the events populate. I have gone through the Splunk documentation on CIM-Compliance topics already and watched some You Tube videos, but still don't get it...Please any extra sources from anyone that can help me understand very well will be very welcome. Thanks and best regards.
... View more