
ESXi - Splunk Threat Hunting App issue

Open liviurosioara opened this issue 3 years ago • 1 comments

Hi again,

I managed to deploy the lab on an ESXi 7.0.3 host running on an Intel NUC 11.

The only issue I have now is related to the Splunk Threat Hunting App, which shows zero threats all the time. I tried executing all Atomic Red Bomb tests and there are no changes after that.

The Threat Hunting App complains about the missing threathunting_asset_priority.csv. I created this file similar to the instructions posted here: https://github.com/clong/DetectionLab/issues/706; however, there were no significant changes. I also unarchived the whitelist CSV files from Olaf.

liviurosioara avatar Nov 04 '21 09:11 liviurosioara


Cris5955 avatar Dec 26 '22 13:12 Cris5955