I am useing the Global Threat Landscape (GTL) app and like it
I wan to build a report that shows any of the IP's on the IP_Watchlist that have contacted my firewall. I would like to see this type of report.
top 10 Offending_IP, Country, Destination_IP, Destination_DNS_Name, Firewall_Action
My question is how do I use the GTL offending_ip and country lookup info to search my firewall logs for connection state?
Change the permissions of the app so the "Sharing for config file-only objects" is set to "All apps" .. then all the other apps will be able to see what's available in that specific app.
Change the permissions of the app so the "Sharing for config file-only objects" is set to "All apps" .. then all the other apps will be able to see what's available in that specific app.
It does not work i.e. I cant see the fields of the ip watch list when I run a search with other indexers.
Thats a good start thanks I'll let you know if I figure it out.