splunk / rba

RBA is Splunk's method to aggregate low-fidelity security events as interesting observations tagged with security metadata to create high-fidelity, low-volume alerts.
https://splunk.github.io/rba/

[Issue]: Risk Attribution (Investigative View) Errors #105

Open ccl0utier opened 1 year ago

ccl0utier commented 1 year ago

Description

The dashboard shows errors for some panels and seems to expect lookups that don't seem to be provided as part of this GitHub/app.

image

When Show Attack Web is selected, a similar error is displayed:

image

ZachTheSplunker commented 1 year ago

My guess is we need to scrape the old SA-RBA repo for these legacy artifacts: https://github.com/apger/SA-RBA/tree/master/lookups

ccl0utier commented 1 year ago

Same goes for the related issue I opened.