-
* Operating System Version: Ubuntu
* Deploying via VMWare:
* Vagrant Version: 2.2.14
*
The threathunting dashboard in Splunk appears to no longer be showing any data and is instead giving errors…
-
In my environment ThreatHunting app is taking unsuitable fields that were extracted by Windows TA because of using known field names in extractions like event_id. I don't know why those extractions ar…
-
The search misses a quote after RestrictedRemoteSamEventThrottelingWindow before the NOT.
This leads to the following error in the Splunk log:
08-12-2020 01:00:00.788 +0200 ERROR SavedSplunker - s…
-
Hi all,
I will need to do a complete reset to figure out my issue, just preliminary posting here.
A lot of my field extractions from the TA for sysmon do not align with the searches for threa…
-
Hi, I am very interested in this product but have a beginner question... I do not understand how to set it up...
I installed the app, also installed all additional (sankey, timeline...) and set up macros. But d…
y0d4a updated
3 years ago
-
I have ThreatHunting 1.4.4 with TA-microsoft-sysmon 10.6.2. For some reason the app's searches always return 0 events. After deeper inspection I figured out that the problem is with field names used in searches…
-
Hi,
I'm getting this error.
![image](https://user-images.githubusercontent.com/20931741/72523415-c9b81b00-3870-11ea-9e5b-cd17cd3031cf.png)
I suspect it's because I have not defined mitre_category …
-
Figure out why events aren't populating correctly
clong updated
3 years ago
-
Hello there, I'm trying to install the threathunting app, but for some reason I could not find out why it is throwing this error:
![Threat Hunting trigger overview](https://user-images.githubusercontent.c…
-
Hi,
the app references the sourcetypes
[XmlWinEventLog:Microsoft-Windows-Sysmon/Operational]
[WinEventLog:Microsoft-Windows-Sysmon/Operational]
[WinEventLog:Security]
in props.conf.
But when …