Bhavin Patel
Neat PR, thanks for fixing this. We have moved our tooling that generates such file to this new repository. This new tooling is more robust and has more features to...
This should now have been fixed in contentctl: Thanks @DipsyTipsy https://github.com/splunk/contentctl/pull/78
@DipsyTipsy: I am working on an effort right now to standardize a bulk of it and will keep you posted! Do you guys use threat_object fields in your DaaC/SOC...
Hello @DipsyTipsy: Great use case! We have made a few updates to our tooling and our yamls, namely added this check while generation of threat objects that only a certain...
The PR is updated based on @cyberbuff's comments! Thank you for the atomic @prashanthpulisetti
Yes, the PR is good! Thanks for contributing this test!
Is there an associated detection where we can use this attack_data?
Yes, it looks like we need this to run locally where the splunk server is running. The instructions look good! Thank you @fryguy04
@matchstickboy - Are you able to run the searches from the dashboard manually? I wonder if you don't have any events specific to show in your environment. Is this...
Closing this issue due to inactivity! @matchstickboy Feel free to open this issue if this issue persists! Thank you