olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License

Computer drilldown returns no events occasionally #25

Closed 70bb3 closed 4 years ago

70bb3 commented 5 years ago

On the overview page, when clicking on a row in the "Top triggered host_fqdns" pane, the Computer Drilldown appears. The graph seems to work fine, but the "related raw logs" pane is sometimes empty. It seems to be because the query is limited to showing Sysmon events only, not including regular Windows events, which the dashboard in the previous view is also based on.

olafhartong commented 5 years ago

Thanks for letting me know! I'll take care of this.

olafhartong commented 5 years ago

Revised the dashboard in the current version. Could not reproduce your issue. Can you check whether it’s working as expected?