Security

Community Activity

How to search a lookup based on field values of a base search Hello everyone, hope you are all well this afternoon. I am trying to combine 2 searches where the outer search passes... by Allene139 Explorer in Security 02-14-2022 0 2	0	2
How to query to monitor new inputs Hello I want to monitor if user run new search in our environment or created new alert i tried to use this query : ... by sarit_s Communicator in Security 02-14-2022 0 4	0	4
SSL certificate checker issue: How to see all SSL Certificates in the current search? Hi please help here we are using below base search and we need to see all ssl certificates with days left in EST. ind... by pchintha Engager in Security 02-14-2022 0 6	0	6
Splunk certificate issue: Why are we receiving this error? Hi All, We have a requirement to connect to Splunk and send the message logs from the integration flow(Cloud platform... by Caren New Member in Security 02-14-2022 0 0	0	0
UF -> HF SSL Configuration Weirdness Hello, I'm currently working on configuring SSL from a UF sitting on a Windows server to a HF running on RHEL 7. I a... by elaborateGecko Explorer in Security 02-12-2022 0 4	0	4
How to build a search that monitors who accesses a directory on a Linux box Hello, I am very new to Splunk but trying to figure a few things out. I have been tasked with building a search so th... by Durwood Engager in Security 02-09-2022 0 1	0	1
Am I missing any configurations with Splunk forwarder SSL custom certificates? Hi, I have configured my windows forwarder to use the custom CA and Server certificate. Below is the configuration an... by SS1 Path Finder in Security 02-08-2022 0 1	0	1
FIPS kvstore certificate purpose Environment- Single Splunk 7.3.9 search head / indexer with FIPS_MODE=1etc/system/local/server.conf [sslConfig] ssl... by pongey Engager in Security 02-07-2022 1 1	1	1
How to stop all users login into splunk? We are recently migrated to QRadar. So we decide to decommission the splunk. before decommission we need to stop any ... by Naveen99 Engager in Security 02-07-2022 0 2	0	2
Using X509 certificates Dear Support,We use X509 certificates provided by our customer certificate authority, in order to use HTTPS protocol ... by mghaleb Engager in Security 02-04-2022 0 2	0	2
splunk troubleshooting Training Greetings!!Need your advice and opinions on the following points:- What training can I take to master splunk admin tr... by pacifikn Communicator in Security 02-03-2022 0 4	0	4
Splunk Cloud SAML SSO Signature Verification Failure Hi Experts,I'm trying to set up SAML SSO for Splunk Cloud against an external IDP.I've loaded the IDP's SAML metadata... by akermaier New Member in Security 02-03-2022 0 0	0	0
sample data for splunk PCI compliance app Hello All,I am working on building use cases for PCI compliance , Just got to know that splunk has an PCI compliance ... by kannu Communicator in Security 02-03-2022 0 0	0	0
Running Splunk Commands I've installed Splunk as Standalone and I'm trying to run Splunk commands under /opt/splunk and they didn't work.My q... by aateeq Explorer in Security 01-29-2022 0 1	0	1
Desintalar splunk forwarder 6-4-2 Estoy tratando de desintalar el agente Splunl en un servidor y me sale este mensaje intente tambien hacerlo por linea... by Norman2022 New Member in Security 01-25-2022 0 1	0	1
Splunk Connect for k8S - HTTPS problem Hello,I am trying to configure Splunk Connect for Kubernetes to capture a k8s cluster application logs.I have problem... by npe Engager in Security 01-25-2022 0 0	0	0
How can I search for users that haven't logged into Splunk for 90+ days? Any query help Highly appreciated ? Thanks in advance ! lists accounts in Splunk that have not been used (logon) for... by splunker969 Communicator in Security 01-24-2022 0 11	0	11
Can a Power User Role get grant to access ACL Capability to Dashboard/Report/Alarm Hi.As in Subject, only Admin Role can edit an object "ACL",turning an object from Private to Public, with relative "A... by verbal_666 Builder in Security 01-20-2022 0 0	0	0
IP Watch List I am very new to Splunk and trying to gain as much knowledge as possible. I found there is an App called Splunk Globa... by juanv Engager in Security 01-19-2022 0 3	0	3
Splunk search query Supposed if i have huge data of users i need to check the last status of the each users Like login and logout. If use... by kajalchopade071 Path Finder in Security 01-19-2022 0 8	0	8
Detecting Beaconing Using Fourier Transform (FFT) Does anyone know of an add-on or other script that would allow one to analyze network traffic to detect beaconing usi... by dokaas_2 Communicator in Security 01-18-2022 0 6	0	6
Cant see Macro Sharing (permissions) on some app but i can in others ? Hi AllI am using an app called Murex, I am Admin on the environment but i cant see the Sharing (permissions) column o... by robertlynch2020 Influencer in Security 01-18-2022 0 1	0	1
Restricting index access with srchIndexesDisallowed overwrites other group permissions We have a setup where all users by default have access to all indexes. Now we have to restrict the access to a specif... by vasial Loves-to-Learn in Security 01-18-2022 0 8	0	8
Security Question Related to Splunk enterprise Should a non authenticated user access this endpoint (POST request) https://localhost:8089/services/template/realize ... by SakshamGuruji Engager in Security 01-15-2022 0 3	0	3
Splunk enterprise Logback 1.2.3 CVE-2021-42550 In Splunk enterprise when running the following log4j scanner it is picking up that the following filesas vulnerable.... by qessar Observer in Security 01-09-2022 0 2	0	2