The RPF_CHECK extractor could be used to define number of system/server checks (profile parameters, TP parameters, etc) which could be then monitored. Out of the box it is possible to monitor System Security Baseline using the set of predefined rules/checks distributed together with add-on installation files. Extractor is not active by default. Security Baseline content pack need to be imported before extractor is activated.
Potential Use Cases
This event could be used in the following scenarios:
Security Baseline monitoring
Custom configuration parameter monitoring
Metric Filters
The filter is available following the menu option below:
On the left side it is possible to select/drill-down into necessary rule group (by double-click). The list of rules are shown on the right side of the screen. ‘Security Baseline’ content pack could be imported using ‘Import’ button.
Splunk Dashboard
JavaScript errors detected
Please note, these errors can depend on your browser setup.
If this problem persists, please contact our support.
