splunk / attack_data

A repository of curated datasets from various attacks
Apache License 2.0
588 stars 95 forks

how do I make splunk es to check my uploaded logs #894

Open maybe-why-not opened 5 months ago

maybe-why-not commented 5 months ago

I have installed the Splunk ES app and uploaded botsv1.stream_http.json [screenshot], but incident_review and ess_security_posture are not hitting any event [screenshot]. How do I make Splunk ES check my uploaded logs and generate a list of alerts like the one below? Please note that I am not checking the logs forwarded by an agent, but the log files uploaded on the browser side. [screenshot] Thank you.

TheLawsOfChaos commented 1 month ago

The BOTS sample data is a single moment in time. So you need to ensure your ES Correlation searches are reviewing events for that time period.
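As an added example (not part of this thread or of the attack_data repository), the following savedsearches.conf fragment shows the two steps that point: first measure the time span the uploaded sample occupies, then pin an ES correlation search to that span instead of the usual "last hour" window. The index name, stanza name, field thresholds and epoch values are assumptions; the stream:http field names are those the sourcetype normally extracts.

```ini
# Added example, not from the attack_data project or this thread.
#
# Step 1 - find the time span the uploaded sample actually covers.
# Run this once in Search (index name is an assumption: use the index you
# chose in the upload wizard). A large "lag" means timestamps were not
# parsed at upload time and _time fell back to index time, so the events
# would sit at the upload date rather than the attack date.
#   index=botsv1 sourcetype=stream:http
#   | stats min(_time) AS first max(_time) AS last
#           avg(eval(_indextime - _time)) AS lag
#   | eval first=strftime(first,"%Y-%m-%d %H:%M:%S"),
#          last=strftime(last,"%Y-%m-%d %H:%M:%S")

# Step 2 - schedule the correlation search over that span. The default
# relative window (for example -60m@m) never overlaps a dataset recorded
# months ago, so no notable events are produced and Incident Review stays
# empty. Epoch values below are placeholders: replace them with the
# "first" and "last" values from step 1.
[Example - HTTP Beaconing Over Sample Window - Rule]
enableSched = 1
cron_schedule = */15 * * * *
dispatch.earliest_time = 1470700800
dispatch.latest_time   = 1470873600
# Many requests to a single destination with very few distinct URIs is a
# simple beaconing heuristic; thresholds are assumptions for illustration.
search = index=botsv1 sourcetype=stream:http \
    | stats count dc(uri) AS uris BY src_ip dest_ip \
    | where count > 100 AND uris < 5
action.correlationsearch.enabled = 1
action.correlationsearch.label = Example - HTTP Beaconing Over Sample Window
action.notable = 1
action.notable.param.rule_title = Possible beaconing from $src_ip$ to $dest_ip$
action.notable.param.severity = medium
```

Once the correlation search produces notable events, Incident Review and the Security Posture dashboard populate from them; if step 1 shows a large lag, fix timestamp extraction for the sourcetype and re-upload before tuning the search window.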