-
**Describe the bug**
The *start_time* argument is supposed to accept a Python datetime object, but searches using that feature return quickly with no data. Searches for the same timeframe using…
-
Hi,
while trying to understand why the app delivers nothing for me and does not deliver anything into the threathunting index, I found a few spots where a windows index is directly referenced.
`**…
-
I see several messages in the _internal index in Splunk like the following:
> ERROR SavedSplunker - savedsearch_id="nobody;ThreatHunting;[T1003] Credential Dumping ImageLoad", message="Error in '…
mortf updated
4 years ago
-
* Operating System Version: Windows Server 2016
* Deploying via (VirtualBox/VMWare/AWS/Azure/ESXi): Terraform > Azure
* Vagrant Version (if applicable): N/A, Azure latest master branch
Please ve…
-
- Operating System Version: Ubuntu 18.04.04
- Provider (VirtualBox/VMWare): VBox version 6.1.4
- Vagrant Version: 2.2.7
- Packer Version: 1.5.4
- Are you using stock boxes (downloaded) or were the…
-
Could you provide me a link to link_analysis_app on Splunkbase?
-
I'm having a problem that I can't figure out, and I'm at wit's end over it now.
I've got a clean install of Splunk, and I've installed the ThreatHunting app. Created the ThreatHunting index. Ins…
biz0b updated
4 years ago
-
Hi Olaf,
I have ingested Sysmon data into the "windows" index and all the prerequisite apps are installed. Macros have been updated with the correct sourcetype for Sysmon data/query. Copied all the look…
-
Where can I find the indextime extraction for the threathunting index? There are other fields when looking into process views and the "indextime" doesn't show up.
-
ThreatHunting (v1.3.4) uploaded to Splunkbase is failing to pass Splunk Cloud vetting due to the following issues:
This is the commentary from Splunk Support:
The version of the app our Vetting …