olafhartong / ThreatHunting

A Splunk app mapped to MITRE ATT&CK to guide your threat hunts
MIT License

threathunting_asset_priority.csv missing #82

Closed mcnietert closed 2 years ago

mcnietert commented 3 years ago

Hey there,

We don't have this lookup which is referenced in a few different places, including the 'Top triggered host_fqdns in the selected timeframe' in the overview page, and our users have been complaining.

These files reference threathunting_asset_priority.csv:

./apps/ThreatHunting/default/data/ui/views/threat_hunting_overview.xml
./apps/ThreatHunting/default/data/ui/views/asset_priority.xml
./apps/ThreatHunting/default/macros.conf
./apps/ThreatHunting/default/transforms.conf

mcnietert commented 3 years ago

Could you provide some background on this lookup? Is this something that is supposed to be included in the release or do we need to generate it?

Moofeng commented 3 years ago

+1

Suirand1 commented 3 years ago

+1

credibleforce commented 3 years ago

Looks like the fields are host_fqdn and priority. Workaround the error with this:

echo -e "host_fqdn,priority\n" > /opt/splunk/etc/apps/ThreatHunting/lookups/threathunting_asset_priority.csv
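The header-only file above silences the error but leaves the "Top triggered host_fqdns" panel with no priority data. The script below, an added example that is not part of the ThreatHunting project or of any commenter's code, builds the lookup from an asset inventory instead. The only facts it takes from the thread are the file name threathunting_asset_priority.csv and the two columns host_fqdn and priority; the integer priority scale (1 = most important, 5 = least), the sample inventory and the `lookups_dir` argument are assumptions for the example.

```python
"""Build the ThreatHunting asset-priority lookup from an asset inventory.

Added example, not part of the ThreatHunting project. It assumes only what
the issue states: a CSV named threathunting_asset_priority.csv with the
columns host_fqdn and priority. The priority scale (1 = most important,
5 = least) and the inventory format are assumptions made for this example.
"""
import csv
import io
import os

LOOKUP_NAME = "threathunting_asset_priority.csv"
HEADER = ["host_fqdn", "priority"]

# Constructed sample inventory of (host_fqdn, priority) pairs; not real hosts.
SAMPLE_INVENTORY = [
    ("DC01.corp.example", 1),
    ("dc01.corp.example", 1),      # duplicate differing only in case
    ("fileserver.corp.example", 2),
    ("kiosk-17.corp.example", 5),
    ("badhost.corp.example", 9),   # out of range, dropped
    ("", 3),                       # empty FQDN, dropped
]


def normalise(inventory, lo=1, hi=5):
    """Return sorted, de-duplicated (host_fqdn, priority) rows.

    FQDNs are lower-cased and stripped of a trailing dot so the lookup matches
    however the event reported the host; rows with an empty FQDN or a priority
    outside [lo, hi] are dropped; when a host appears more than once the most
    important (lowest) priority wins.
    """
    best = {}
    for fqdn, prio in inventory:
        fqdn = (fqdn or "").strip().lower().rstrip(".")
        try:
            prio = int(prio)
        except (TypeError, ValueError):
            continue
        if not fqdn or not lo <= prio <= hi:
            continue
        best[fqdn] = min(prio, best.get(fqdn, hi))
    return sorted(best.items())


def render_lookup(inventory):
    """Render the lookup as CSV text.

    The header row is always written, so even an empty inventory produces a
    file the lookup definition in transforms.conf can load without error.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(HEADER)
    for fqdn, prio in normalise(inventory):
        writer.writerow([fqdn, prio])
    return buf.getvalue()


def write_lookup(inventory, lookups_dir):
    """Write the lookup into an app's lookups directory (assumed to be
    $SPLUNK_HOME/etc/apps/ThreatHunting/lookups). The CSV is written to a
    temporary file and renamed into place so a half-written file is never
    picked up by a search.
    """
    os.makedirs(lookups_dir, exist_ok=True)
    path = os.path.join(lookups_dir, LOOKUP_NAME)
    tmp = path + ".tmp"
    with open(tmp, "w", newline="") as fh:
        fh.write(render_lookup(inventory))
    os.replace(tmp, path)
    return path


if __name__ == "__main__":
    # Print the CSV that would be written for the constructed inventory.
    print(render_lookup(SAMPLE_INVENTORY), end="")
```

Regenerating the file from an inventory export on a schedule keeps the overview panel's host ranking in step with the asset register; because the header is always present, an empty export still yields a loadable lookup rather than the missing-file error reported in this issue.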