So I've found that to get these dashboards to work in my environment, I had to make the following changes in all the searches:
change *hg_event_description* to *cef_name*
change *hg_event_type* to *cef_signature*
change *hg_threat_score* to *cef_severity*
(Just a reminder: on each dashboard, click on "Edit" then "Edit Source", make the changes in the XML, then click "Save".)