diff --git a/cyences_app_for_splunk/default/data/ui/views/cs_device_inventory_table_v2.xml b/cyences_app_for_splunk/default/data/ui/views/cs_device_inventory_table_v2.xml
index 804ffc83..0bb11733 100644
--- a/cyences_app_for_splunk/default/data/ui/views/cs_device_inventory_table_v2.xml
+++ b/cyences_app_for_splunk/default/data/ui/views/cs_device_inventory_table_v2.xml
@@ -52,7 +52,7 @@
-

If you are looking at the Device Inventory for the first time and you don't see all the available devices in the table below then you can manually execute Device Inventory Backfill report to fill all the lookups. (By default it runs over last 30 days of time to collect the device inventory.)

+

If you are looking at the Device Inventory for the first time and you don't see all the available devices in the table below then you can manually execute Device Inventory Backfill - V2 report to fill all the lookups. (By default it runs over last 30 days of time to collect the device inventory.)

@@ -360,34 +360,4 @@ - - - Product Device ID Conflicts Auto Merged - - - - -24h@h - now - - - - ADMIN - - index=_internal sourcetype="cyences:logs" CASE(INFO) "is already present, while adding record" -| rex "\'uuid\':\s'(?<uuid>[^\']+)\'" | rex " - data_pointer\[(?<product>[^\]]+)\]=(?<product_id_1>.*)\sis already present" -| rex "\(\'lansweeper_id\', \'(?<product_id_2_lansweeper>[^\']+)\'\)" | rex "\(\'tenable_uuid\', \'(?<product_id_2_tenable>[^\']+)\'\)" | rex "\(\'qualys_id\', \'(?<product_id_2_qualys>[^\']+)\'\)" | rex "\(\'sophos_uuid\', \'(?<product_id_2_sophos>[^\']+)\'\)" | rex "\(\'windows_defender_host\', \'(?<product_id_2_windows_defender>[^\']+)\'\)" | rex "\(\'crowdstrike_userid\', \'(?<product_id_2_crowdstrike>[^\']+)\'\)" | rex "\(\'kaspersky_host\', \'(?<product_id_2_kaspersky>[^\']+)\'\)" -| eval product_id_2=case(product=="lansweeper_id", product_id_2_lansweeper, product=="tenable_uuid", product_id_2_tenable, product=="qualys_id", product_id_2_qualys, product=="sophos_uuid", product_id_2_sophos, product=="windows_defender_host", product_id_2_windows_defender, product=="crowstrike_userid", product_id_2_crowdsrike,product=="kaspersky_host", product_id_2_kaspersky) -| rex "\(\'hostname\', \[(?<hostname1>[^\]]+)\]\)" | rex "\(\'ip\', \[(?<ip1>[^\]]+)\]\)" | rex "\(\'mac_address\', \[(?<mac_address1>[^\]]+)\]\)" -| rex "\'hostname\': \[(?<hostname2>[^\]]+)\]" | rex "\'ip\': \[(?<ip2>[^\]]+)\]" | rex "\'mac_address\': \[(?<mac_address2>[^\]]+)\]" -| rex "entry:{(?<lookup_entry>[^}]+)}" -| table uuid, product, product_id_1, product_id_2, hostname1, hostname2, ip1, ip2, mac_address1, mac_address2, lookup_entry - $tkn_timerange_conflicted_merged.earliest$ - $tkn_timerange_conflicted_merged.latest$ - - - - -
-
-
\ No newline at end of file
diff --git a/cyences_app_for_splunk/default/savedsearches.conf b/cyences_app_for_splunk/default/savedsearches.conf
index b35bfd3f..e626942d 100644
--- a/cyences_app_for_splunk/default/savedsearches.conf
+++ b/cyences_app_for_splunk/default/savedsearches.conf
@@ -3524,6 +3524,7 @@ display.page.search.mode = fast
 request.ui_dispatch_app = cyences_app_for_splunk
 request.ui_dispatch_view = search
 search = `cs_lansweeper` `cs_lansweeper_timerange` \
+| dedup AssetID \
 | eval product_name="Lansweeper", product_uuid=AssetID, hostname=lower(mvdedup(mvappend(AssetName, FQDN))), ip=lower(IPAddress), mac_address=lower(Mac), antivirus=mvzip(antivirus_name, antivirus_enabled, "#") \
 | rename _time as time, AssetID as lansweeper_id, host as lansweeper_collected_by, site_name as Site, AssetTypename as AssetType, Statename as lansweeper_state, Userdomain as Domain, AssetGroup as GroupName, OScode as OSVersion, Username as lansweeper_user, version as AssetVersion, OS as lansweeper_os, FQDN as lansweeper_fqdn, Firstseen as FirstSeen, Lastseen as LastSeen \
 | table time, product_name, product_uuid, ip, mac_address, lansweeper_id, hostname, lansweeper_collected_by, Site, AssetType, lansweeper_state, Domain, GroupName, OSVersion, BuildNumber, AssetVersion, lansweeper_user, lansweeper_os, Description, IPLocation, lansweeper_fqdn, antivirus, AssetDomain, FirstSeen, LastSeen, AssetName, Serialnumber, Processor, Model, Manufacturer, OSRelease, OSname, SystemVersion, Memory, LsAgentVersion, LastLsAgent, LastChanged, DNSName \
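Review bot: The added `| dedup AssetID` keeps only the first event returned for each asset and, with dedup's default `keepempty=false`, silently drops any Lansweeper event that carries no AssetID, so such devices would never reach the inventory. Which event survives depends on the implicit newest-first result order, and any hostname, IP, MAC or antivirus values that appear only in older events for the same asset are presumably discarded before the `eval` on the following line builds the device record. If latest-per-asset is the intent, state it explicitly with `| dedup AssetID sortby -_time \`, and decide deliberately whether events without an AssetID should be kept (`keepempty=true`) or dropped. The search string continues past the end of this hunk, so the effect on later stages cannot be confirmed from here.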