Issues
Threat Hunting trigger overview is full of 0
#121 opened by javieru14 - 14
threathunting_file_summary is empty
#114 opened by robojockjb - 12
threathunting dashboard is full of 0
#120 opened by zhjygit - 1
Hardcoded Index in Dashboard Panel
#118 opened by kaihangaverdener - 1
Documentation to Add more TTPs?
#117 opened by DerF66 - 0
host_fqdn not generating and matches props.conf
#116 opened by DerF66 - 0
asset priority lookups unnecessarily case sensitive
#113 opened by dstaulcu - 1
Does it require Sysmon...?
#112 opened by Logeshrathinakumar - 1
Process Injection
#111 opened by cchansk - 0
Event 11 Looking for OriginalFileName
#110 opened by craigsmooth - 14
Hello, my threat hunting dashboard keeps showing 0 data, but the Activity by time per day dashboard underneath is circulating.
#106 opened by creazyqin - 13
Hack wassap
#105 opened by Cris5955 - 6
process create whitelist editor eval errors on add/remove actions when input values have special characters
#101 opened by dstaulcu - 1
Change requirement checks from TA-microsoft-sysmon to Splunk_TA_microsoft_sysmon
#97 opened by dstaulcu - 3
mitre_technique_id not extracting consistently in whitelist management dashboards
#99 opened by dstaulcu - 0
Could not load lookup=LOOKUP-record_type
#96 opened by ledge39 - 4
threathunting_asset_priority.csv missing
#82 opened by mcnietert - 1
Invalid eval expression - EVAL-file_extension
#85 opened by barrettnet - 2
[T1086] PowerShell Downloads - WinProcess
#89 opened by shahrokhnik - 1
[T1191] CMSTP (report) need to edit
#88 opened by shahrokhnik - 0
App not found
#90 opened by brown249 - 1
Update required apps
#58 opened by Karma1331 - 6
Whitelisting is case sensitive
#52 opened by afxmac - 3
404 Error - when trying to edit the macro
#84 opened by sbvishnu - 2
host_fqdn not extracting
#81 opened by Karma1331 - 4
Paths not escaped in CDATA href from MITRE drilldown (mitre_attack_overview.xml) view
#78 opened by sebastiendamaye - 0
Newbie question
#72 opened by y0d4a - 1
Splunk Add on for Sysmon
#71 opened by JBStudios - 7
Eval command failing in props.conf
#60 opened by Suirand1 - 2
"Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table.". No actions executed"
#59 opened by akjhhauyo956dhhv05 - 1
Still direct references to Windows index
#50 opened by afxmac - 3
Could not load lookup=LOOKUP-sysmoneventcode
#54 opened by Moofeng - 1
source vs. sourcetype
#51 opened by afxmac - 1
Could not load lookup=LOOKUP-sysmoneventcode
#53 opened by Moofeng