SecOps forum
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Forum Posts

Resolved! How can I track when data is exported from an instance?

Hi, Is there any way to track if a user is exporting data from an instance? The transaction logs give me lots of information but I'm struggling to pinpoint when the function of exporting to .csv, .xls or pdf is happening. Appreciate any help...

ners by Giga Contributor
  • 2968 Views
  • 2 replies
  • 2 helpfuls

Risk score configuration

Hi, I'm just getting started with Security incident response, and I'm lost on how the risk score gets calculated out of the box. I'm trying to go through the RiskScoreUtil script include, but just wondering if someone else has already done this, and ...

cbester by Tera Contributor
  • 2287 Views
  • 3 replies
  • 1 helpfuls

Resolved! Anyone successfully activated the Crowdstrike plugin?

Greetings,We are trying to activate the Crowdstrike plugin in our dev instance for a proof of concept cycle, however, we continue to receive error messages that we are inputting incorrect API key and AIP ID info - we pulled the API info from our Crow...

Where is the correlation_id value used?

Hello..   I have been trying to understand where is the correlation_id field is used in the security operations application when managing an incoming security event.OOB, I think the SIEM (Splunk) sends a snsecevent message to SN.   I get to see the c...

Resolved! issues with notifcations in security incident response?

Hi All! After installation of the Security Incident Response plugin we faces with unexpected behavior of notifications.After creation of the Security Incident   there is no notification about creation of the SIR. But there is one about update of the ...

maximus by Tera Expert
  • 1344 Views
  • 1 replies
  • 7 helpfuls