CASB SIEM agent not pulling both Investigate and Detect data
Article ID: 266145

Products

CASB Securlet SAAS
CASB Security Advanced
CASB Security Premium
CASB Security Standard

Issue/Introduction

We are working with the CASB SIEM agent (splunk_agent.py) script.

There is an option to select elastica_app "investigate" or "detect".

We'd like to pull both Investigate and Detect logs together but can't get it to work.

Resolution

Investigate and Detect API queries cannot be combined into a single query; this is working as designed. Each elastica_app value ("investigate" or "detect") requires its own query.

See the CloudSOC API Getting Logs Tech Doc for details.
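The following is an added example, not code from Broadcom's splunk_agent.py or the CloudSOC API. It shows the pattern the resolution implies: issue one query per elastica_app value, then merge and de-duplicate the two result sets locally before forwarding them to the SIEM. The fetch function and the event fields (id, created_timestamp) are assumptions, and the sample events are constructed; a real integration would replace sample_fetch with the agent's own API call.

```python
"""Added example (not Broadcom's code): pull Investigate and Detect logs with
one CloudSOC query per elastica_app and merge the results locally."""
from datetime import datetime, timezone
from typing import Callable, Dict, List

# Only these two values are accepted by the elastica_app parameter; a combined
# value such as "investigate,detect" is exactly what the API rejects.
VALID_APPS = ("investigate", "detect")

# Hypothetical fetch signature: (elastica_app, window start, window end) ->
# list of event dicts. The real agent would wrap its CloudSOC API call here.
FetchFn = Callable[[str, datetime, datetime], List[Dict]]


def _parse_ts(value: str) -> datetime:
    """Parse an ISO-8601 timestamp such as 2024-05-01T10:00:00Z."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def pull_logs(apps: List[str], fetch: FetchFn,
              start: datetime, end: datetime) -> List[Dict]:
    """Run a separate query for each app and return one time-ordered stream.

    Raises ValueError for an empty list or any value outside VALID_APPS, so a
    mistaken combined value fails locally instead of as an API error.
    """
    if not apps:
        raise ValueError("at least one elastica_app value is required")
    for app in apps:
        if app not in VALID_APPS:
            raise ValueError(f"unsupported elastica_app value: {app!r}")

    seen = set()
    merged: List[Dict] = []
    for app in apps:
        # One query per app: the API does not accept both in one request.
        for event in fetch(app, start, end):
            key = (app, event["id"])
            if key in seen:          # overlapping pages or retries
                continue
            seen.add(key)
            tagged = dict(event)
            tagged["elastica_app"] = app   # keep the source visible in the SIEM
            merged.append(tagged)

    merged.sort(key=lambda e: _parse_ts(e["created_timestamp"]))
    return merged


# Constructed sample events standing in for two CloudSOC responses.
SAMPLE_EVENTS = {
    "investigate": [
        {"id": "inv-1", "created_timestamp": "2024-05-01T10:00:00Z",
         "activity_type": "Download"},
        {"id": "inv-2", "created_timestamp": "2024-05-01T10:05:00Z",
         "activity_type": "Login"},
        # duplicate row, as an overlapping page boundary might return
        {"id": "inv-2", "created_timestamp": "2024-05-01T10:05:00Z",
         "activity_type": "Login"},
    ],
    "detect": [
        {"id": "det-1", "created_timestamp": "2024-05-01T10:02:00Z",
         "severity": "high"},
        {"id": "det-2", "created_timestamp": "2024-05-02T09:00:00Z",
         "severity": "low"},   # outside the query window below
    ],
}


def sample_fetch(app: str, start: datetime, end: datetime) -> List[Dict]:
    """Hypothetical stand-in for the API call: filter sample data by window."""
    return [e for e in SAMPLE_EVENTS[app]
            if start <= _parse_ts(e["created_timestamp"]) < end]


if __name__ == "__main__":
    window_start = datetime(2024, 5, 1, tzinfo=timezone.utc)
    window_end = datetime(2024, 5, 2, tzinfo=timezone.utc)
    for ev in pull_logs(["investigate", "detect"], sample_fetch,
                        window_start, window_end):
        print(ev["created_timestamp"], ev["elastica_app"], ev["id"])
```

In a production agent the two queries can also run as two separately scheduled jobs with their own checkpoints; the important point is that each request carries a single elastica_app value and the combination happens on the collector side.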