remg427 / TA-thehive

Splunk TA for alert action to TheHive-project
GNU Lesser General Public License v3.0

Observable Types unknown #17

Closed pcyr44 closed 5 years ago

pcyr44 commented 5 years ago

Good afternoon. After integrating the Splunk ES adaptive response through the correlation search, I am now receiving alerts in the TH instance, but I am unable to ingest them with the proper observable type. The only observable type I am receiving is other. Thank you.

remg427 commented 5 years ago

Hi, you have to use standard datatype names as field names (e.g. ip, domain) or edit the lookup CSV file to adapt the mapping between the field names and the data types they have. Hope it is clearer. Remi

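The mapping remg427 describes above, worked through as an added Python example (this is not TA-thehive's code and does not reproduce its implementation). It models a lookup CSV that maps Splunk result field names to TheHive observable dataTypes, shows why a correlation search emitting CIM-style field names such as src_ip or dest_host lands every observable as "other" against a default lookup, and shows both fixes: extending the lookup CSV, or renaming the fields in SPL before the alert action runs. The CSV column headers (field_name, datatype), the sample rows and the lookup contents are constructed for this example and are assumptions, not the TA's actual file layout.

```python
"""Added example: how field-name -> TheHive dataType mapping behaves
for a Splunk alert action. Not TA-thehive's own code; the CSV layout
and sample data below are constructed for illustration."""
import csv
import io

# TheHive 3 built-in observable dataTypes (anything else is rejected
# by TheHive, so the lookup must only point at these).
THEHIVE_DATATYPES = {
    "domain", "file", "filename", "fqdn", "hash", "ip", "mail",
    "mail_subject", "other", "regexp", "registry", "uri_path", "url",
    "user-agent",
}

# Constructed default lookup: field names equal the dataType names.
# Column headers are an assumption for this example.
DEFAULT_LOOKUP_CSV = """field_name,datatype
ip,ip
domain,domain
url,url
hash,hash
mail,mail
"""

# Fix 1: extend the lookup so ES/CIM field names map to dataTypes.
EXTENDED_LOOKUP_CSV = DEFAULT_LOOKUP_CSV + """src_ip,ip
dest_ip,ip
dest_host,fqdn
file_hash,hash
"""

# Constructed correlation-search result row (RFC 5737 address,
# MD5 of the empty string).
SAMPLE_ROW = {
    "src_ip": "203.0.113.7",
    "dest_host": "mail.example.net",
    "file_hash": "d41d8cd98f00b204e9800998ecf8427e",
    "user": "",  # empty values are skipped, as below
}


def load_mapping(csv_text):
    """Parse the lookup CSV into {field_name: dataType}, refusing
    dataTypes TheHive would not accept."""
    mapping = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        field, dtype = row["field_name"].strip(), row["datatype"].strip()
        if dtype not in THEHIVE_DATATYPES:
            raise ValueError(f"unknown dataType {dtype!r} for field {field!r}")
        mapping[field] = dtype
    return mapping


def build_observables(result_row, mapping):
    """Turn one Splunk result row into TheHive alert artifacts.
    A field absent from the mapping falls back to dataType "other",
    which is the symptom reported in the issue."""
    artifacts = []
    for field, value in result_row.items():
        if value in (None, ""):
            continue
        artifacts.append({
            "dataType": mapping.get(field, "other"),
            "data": str(value),
            "tags": [f"splunk:{field}"],  # keep the source field for triage
        })
    return artifacts


def unmapped_fields(result_row, mapping):
    """Fields of the search output that would become 'other'."""
    return sorted(f for f in result_row if f not in mapping)


def spl_rename_clause(result_row, mapping, target_types):
    """Fix 2 (Splunk side): build an SPL rename clause so the search
    emits standard dataType names. target_types maps each search field
    to the dataType name it should carry."""
    parts = [f"{f} AS {target_types[f]}"
             for f in unmapped_fields(result_row, mapping) if f in target_types]
    return ("| rename " + ", ".join(parts)) if parts else ""


if __name__ == "__main__":
    default = load_mapping(DEFAULT_LOOKUP_CSV)
    print("default lookup:", [a["dataType"] for a in build_observables(SAMPLE_ROW, default)])
    print("unmapped:", unmapped_fields(SAMPLE_ROW, default))
    print("SPL fix:", spl_rename_clause(
        SAMPLE_ROW, default, {"src_ip": "ip", "dest_host": "fqdn", "file_hash": "hash"}))
    extended = load_mapping(EXTENDED_LOOKUP_CSV)
    print("extended lookup:", [a["dataType"] for a in build_observables(SAMPLE_ROW, extended)])
```

Run it once with the default lookup to see every artifact tagged "other", then with the extended lookup (or after applying the printed rename clause in the correlation search) to see ip, fqdn and hash come through; the empty user field is dropped rather than sent as an empty observable.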