imperva / incapsula-logs-downloader

A Python script for downloading log files from Incapsula
MIT License

HEC for Imperva Attack Analytics script. #90

Closed browneyedleagh closed 1 month ago

browneyedleagh commented 2 months ago

Should we be able to use HEC for the Attack Analytics? I was able to set it up successfully for Incapsula:cef, but I am unable to get it working for AA. I see the .gz logs going into the archive, but the logs never make it to Splunk. The scripts are running on the same server. I have tried using the same HEC and a different one with no luck. This is the install we are currently using: incapsula-logs-downloader-release-3.0.0-beta.

joeymoore commented 2 months ago

Hey @browneyedleagh - Good question. Can you upload the config for the AA minus the API creds and then send me the log from startup with DEBUG enabled?