Data Description

The RPF_CHECK extractor could be used to define number of system/server checks (profile parameters, TP parameters, etc) which could be then monitored. Out of the box it is possible to monitor System Security Baseline using the set of predefined rules/checks distributed together with add-on installation files. Extractor is not active by default. Security Baseline content pack need to be imported before extractor is activated.

Potential Use Cases

This event could be used in the following scenarios:

  • Security Baseline monitoring

  • Custom configuration parameter monitoring

Metric Filters

The filter is available following the menu option below:

Administrator → Metric Filters->More->Rule Processing Filter

On the left side it is possible to select/drill-down into necessary rule group (by double-click). The list of rules are shown on the right side of the screen. ‘Security Baseline’ content pack could be imported using ‘Import’ button.

Splunk Dashboard