Could not load lookup=LOOKUP-sysmoneventcode

olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts

MIT License

1.12k stars 177 forks source link

Could not load lookup=LOOKUP-sysmoneventcode #54

Closed Moofeng closed 4 years ago

Moofeng commented 4 years ago

I suggest we set up a discussion group

sebastiendamaye commented 4 years ago

In the ./lookups folder, create a symbolic link to sysmoneventcode.csv that points to sysmoneventcodes.csv and restart Splunk. Or fix the typo directly in ./default/props.conf

olafhartong commented 4 years ago

Thanks for pointing this out, it has been adjusted in the latest commits