1 - Sumo Admin

  • Total activity 8
  • Following 0 users
  • Followed by 0 users
  • Votes 1
  • Subscriptions 0

Activity overview

Latest activity by 1 - Sumo Admin
  • 1 - Sumo Admin created a post,

    When do you plan to support Forwarded Events?

    I configured WEC in my environment only to find that the collector at the top of the hierarchy, which has the Sumo agent on it, won't send the data through because Sumo doesn't support WEC event Fo...

  • 1 - Sumo Admin commented,

    We don't use AD for DHCP, but I do gather these logs. I place them into their own partition and then create an aggregated incremental view of this partition every 15m. I can then search back through...

  • 1 - Sumo Admin created a post,

    Sessionize Field Extracted Logs

    Can someone provide an example of sessionizing with already extracted fields? I don't really want to create another parser type snippet in the sessionize operator when I have the data extracted vi...

  • 1 - Sumo Admin created a post,

    Transpose Row Total

    Is there a way to create a dynamic column within transpose operator that will provide say, a row total? I am not sure what the _fieldname is that the transpose operator uses for its data...

  • 1 - Sumo Admin created a post,

    Palo Alto Threat Vault

    In case anyone uses Sumo for security, realize you can ingest the predefined Palo Alto Threat Vault database from your firewall. This is handy because the PA threat event does not contain the CVE n...

  • 1 - Sumo Admin created a post,

    Integrating Open Source Threat Intelligence

    From a security perspective, there are quite a few open source blocked/malicious IP lists available out there. Many sites also provide domain block lists or more specific command and control host/p...

  • 1 - Sumo Admin commented,

    Question, if I wanted to look at the average bytes sent out of my network by the top ten talkers, and then watch to see if any individual talker exceeds the std dev of these top ten, how would I do...