Hi team,
This is just a minor question, mainly because I am not so sure about what this repo does. However, I am using Trellix and I have a main activity feed where I can see the alerts from all the hosts I manage.
I wonder if I can use this code to pull alerts, and if it can, I would like to send it to Splunk.
So I used the samples.splunk argument, and I did uncomment the code part for the any_case_event function. But since I ran the command:
mvision-edr-activity-feed --url https://api.soc.ap-south-1.trellix.com/ --client_id YOUR_CLIENT_ID --client_secret YOUR_CLIENT_SECRET --module samples.splunk --loglevel=debug
I have never received anything, all were empty brackets:
Received payloads: []
just like the example image in the repo's README file. I think I have mistaken the command, can someone help with this question please!