
Commit cfc515c

disable savedsearches by default
1 parent bc28d84 commit cfc515c


1 file changed

+9
-10
lines changed


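--- a/TA-opencti-for-splunk-enterprise/package/default/savedsearches.conf
+++ b/TA-opencti-for-splunk-enterprise/package/default/savedsearches.conf
@@ -8,7 +8,8 @@ search = | inputlookup opencti_markings \
 | outputlookup append=true opencti_markings
 description = Updates the opencti_markings lookup with new and updated marking definitions
 schedule = */15 * * * *
-enabled = 1
+enableSched = 1
+disabled = 1
 dispatch.earliest_time = -15m
 dispatch.latest_time = now
 cron_schedule = */15 * * * *
@@ -44,9 +45,8 @@ search = `opencti_index` sourcetype="opencti:indicator" (event="create" OR event
 | outputlookup append=t opencti_indicators
 description = Incrementally upserts OpenCTI indicators into the opencti_indicators KV Store using the latest modified event per id.
 schedule = */5 * * * *
-enabled = 1
-disabled = 0
-is_scheduled = 1
+enableSched = 1
+disabled = 1
 dispatch.earliest_time = -15m
 dispatch.latest_time = now
 cron_schedule = */5 * * * *
@@ -81,9 +81,8 @@ search = `opencti_index` sourcetype="opencti:indicator" (event="create" OR event
 | outputlookup opencti_indicators
 description = Nightly full rebuild of the OpenCTI Indicators KV store. Ensures only the latest version per id remains and clears stale entries.
 schedule = 30 2 * * *
-enabled = 1
-disabled = 0
-is_scheduled = 1
+enableSched = 1
+disabled = 1
 dispatch.earliest_time = 0
 dispatch.latest_time = now
 cron_schedule = 30 2 * * *
@@ -111,7 +110,8 @@ search = | inputlookup opencti_reports \
 | outputlookup opencti_reports
 description = Updates the opencti_reports lookup with new and updated reports, while flagging deleted ones.
 schedule = 0 * * * *
-enabled = 1
+enableSched = 1
+disabled = 1
 dispatch.earliest_time = -60m
 dispatch.latest_time = now
 cron_schedule = 0 * * * *
@@ -143,9 +143,8 @@ search = | inputlookup opencti_indicators \
 threat_confidence threat_weight \
 | outputlookup opencti_threatintel
 description = Rebuilds the ES Threat Intelligence KV from the enriched opencti_indicators KV.
-is_scheduled = 1
 cron_schedule = */5 * * * *
-disabled = 0
+disabled = 1
 dispatch.earliest_time = 0
 dispatch.latest_time = now
 alert.suppress = 0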
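Review bot: The last hunk (the opencti_threatintel stanza at old line 143) drops `is_scheduled = 1` and sets `disabled = 1` but, unlike the other four stanzas, does not add `enableSched = 1`; once an operator sets `disabled = 0` there, the search will have a `cron_schedule` but no scheduling flag, so it will not run. Adding `enableSched = 1` beside `disabled = 1` keeps all five stanzas consistent and makes "just flip disabled" the only step needed to turn each one on. Since every stanza now ships disabled, the lookups and KV stores they populate stay empty until someone enables them, which is a good default for writes into shared KV stores but is worth stating in the app's setup documentation if it is not already. The stanza headers for all five hunks lie outside the shown context.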
