remg427
commented
3 years ago Hello, if you query again for this event you should get new tags so it is a matter of updating your collection on splunk . I don't know if it is a lookup table, a kvstore that can be edited or an index where you would need to index the events again
Hello,
I noticed that, when I am adding tags to an existing MISP Event (inside the MISP), these changes are not going to be "transferred" via the misp42 to the already existing Splunk Misp Event.
Am I doing something wrong, or missing a flag?
Thank you!