ThreatHunting
ThreatHunting copied to clipboard
olafhartong
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
Search have to clear the input_* fields before saving to .csv. If not it's gonna clear whole csv when user gonna set input_mode to "delete"
- made some changes to the savedsearches schedule because in many environments 134 searches at the same time will cause a lot of skipped searches. now only 9 searches will...
I keep getting this error, any ideas? Could not load lookup=LOOKUP-record_type Many thanks Gareth
Adding to the whitelist works just flawless, but when I try to remove any record it deletes everything from that particular csv I'm using.  Here I filled it with...
Add (input_ComputerName) and change all the associated variables to work with the new updates
Utilising the most upto date app downloaded cloned from GitHub, when clicking on the numbers within the threathunting overview an app not found page comes up.
I've searched through all of the XML and CONF files in the ThreatHunting application and cannot find how the summary index is being populated. Is there additional configuration to populate...
We are getting a 404 error when we try to edit the macro to suit our organization needs as per your instructions in ‘**Required actions after deployment**' Section. (https://YOURSPLUNK/en-US/manager/ThreatHunting/admin/macros) Can...
Seems like the host_fqdn reference fieldname in props.conf changed from Computer to ComputerName.
The "File created whitelist editor" view (file_create_whitelist.xml) doesn't work. Clicking on the "Submit" button doesn't add the entry, and the csv file `threathunting_file_create_whitelist.csv` should be manually edited.
Metadata
Owner
Metadata
A Splunk app mapped to MITRE ATT&CK to guide your threat hunts