Resolve review comments

CrossRealms · Aug 2, 2024 · a1a9028 · a1a9028
1 parent ed4e6c6
commit a1a9028
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/cyences_app_for_splunk/default/data/ui/views/cs_f5_bigip_asm.xml b/cyences_app_for_splunk/default/data/ui/views/cs_f5_bigip_asm.xml
@@ -2,7 +2,7 @@
   <label>F5 BIGIP ASM</label>
   <fieldset submitButton="false">
     <input type="time" token="timerange">
-      <label></label>
+      <label>Time Range</label>
       <default>
         <earliest>-24h@h</earliest>
         <latest>now</latest>
@@ -111,7 +111,7 @@
   <row>
     <panel>
       <chart>
-        <title>Top Rules</title>
+        <title>Top Rules Over Time</title>
         <search>
           <query>`cs_f5_asm` attack_type!="N/A" $tkn_src_ip$ $tkn_dest_ip$ $tkn_severity$ | timechart count by policy_name</query>
           <earliest>$timerange.earliest$</earliest>

diff --git a/cyences_app_for_splunk/default/savedsearches.conf b/cyences_app_for_splunk/default/savedsearches.conf
@@ -6693,7 +6693,7 @@ relation = greater than
 cron_schedule = 10 * * * *
 description = A not blocked attack events from F5 BIGIP ASM \
 \
-Data Collection - Splunk Add-on for F5 BIG-IP.
+Data Collection - Splunk Add-on for F5 BIG-IP (https://splunkbase.splunk.com/app/2680).
 dispatch.earliest_time = -62m@m
 dispatch.latest_time = -2m@m
 display.general.type = statistics
@@ -6703,7 +6703,8 @@ request.ui_dispatch_app = cyences_app_for_splunk
 request.ui_dispatch_view = search
 search = `cs_f5_bigip_asm` ip_client="*" dest_ip="*" severity IN ("critical","high","medium") enforcement_action!=block attack_type!="JSON Parser Attack" \
 | eval cyences_severity = if(severity="informational", "info", severity) \
-| table _time cyences_severity severity ip_client src_port dest_ip dest_port manage_ip_addr x_fwd_hdr_val attack_type enforcement_action blocking_exception_reason client_type credential_stuffing_lookup_result device_id enforced_by geo_info http_class ip_addr_intelli ip_route_domain login_result method mobile_application_name mobile_application_version policy_apply_date policy_name protocol protocol_info req_status resp_code route_domain sig_ids sig_names sub_violates threat_campaign_names unit_host uri username violate_details violate_rate violations virus_name  is_trunct \
+| `cs_human_readable_time_format(_time, event_time)` \
+| table event_time cyences_severity ip_client src_port dest_ip dest_port manage_ip_addr x_fwd_hdr_val attack_type enforcement_action blocking_exception_reason client_type credential_stuffing_lookup_result device_id enforced_by geo_info http_class ip_addr_intelli ip_route_domain login_result method mobile_application_name mobile_application_version policy_apply_date policy_name protocol protocol_info req_status resp_code route_domain sig_ids sig_names sub_violates threat_campaign_names unit_host uri username violate_details violate_rate violations virus_name  is_trunct \
 | `cs_f5_bigip_not_blocked_attacks_filter`
 action.cyences_notable_event_action = 1
 action.cyences_notable_event_action.param.filter_macro_name = cs_f5_bigip_not_blocked_attacks_filter