Security

Discussions

Thread Info

Why are windows UF in Windows Event Log getting this message "Splunk could not get description"?

A lot of our Windows UF are getting this message in Windows Event Logs, "Splunk could not get the description for thi...

by Path Finder in

How to detect password in username field followed by successful logon?

To detect a failed login following by successful login (within a 60 second) period, I run: index=myindex sourcetyp...

by Engager in

How can we renew this certificate with a third-party signed certificate?

Hello, We use Splunk 6.2.0 and the server.pem certificate will be expired in 10 days: openssl x509 -in /opt/spl...

by Explorer in

Why is the user shown in the results is not the user who is running the query?

Hi, I wonder whether someone may be able to help me please. I'm running the query below to obtain information a...

by Motivator in

Notable Response Actions -- Is there a way to override the standard Trigger Condition rule?

Hello! I am looking for a way to override the built-in Trigger Condition for Notable Response Actions, "For each re...

by New Member in

How to create a WIDS/IDPS/Internet Content Filtering dashboard in Splunk?

I need help on how to create a WIDS/IDPS/Internet Content Filtering dashboard in Splunk so that I can continuously mo...

by Explorer in

Advisory ID: SVD-2022-0608- Is this a customer installable upgrade (to version 9)?

Hi, Security alert: Splunk Universal Forwarder. Is this a customer installable upgrade (to version 9), or do I ...

by New Member in

Does Splunk SOAR support mTLS?

In the context of connecting Splunk Cloud and Phantom. Does Phantom/Splunk SOAR support mTLS?

by New Member in

How to get a list of users who did not login to splunk indexer for more than 30 days?

I need to find out the list of users who did not login to splunk for more than 30 days. I need to know when the user ...

by Explorer in

Email notifications failing for Splunk ES alerts

Hello all, we're configuring Splunk Enterprise security app within our environment, while testing alerts the alert a...

by Path Finder in

Does Splunk Forwarder need an interactive login?

All, I've noticed by default that Splunk Forwarder gives itself /bin/bash in /etc/passwd. e.g. splunk:x:1001...

by New Member in

Can't create Splunk On Call trial

Hello team, we are looking for an incident management solution and wish to try out Splunk On Cal...

by New Member in

Where I can request an annual application security assessment report for Splunk product?

Anyone know where I can request an annual application security assessment report for Splunk product? I am looking ...

by New Member in

Keycloak SAML configuration shows an invalid request

Hello team, I have problems with configuring Splunk with keycloak by SAML, every time it shows me an invalid request....

by Observer in

SAML Authentication: Stuck on Terms of Service Page

Hey All, I'm setting up SAML authentication in our new Splunk Cloud environment and everything appears to be worki...

by Explorer in

What can I do about Splunk's Critical Deployment Server Vulnerability? CVE-2022-32158

Splunk recently announced a Critical vulnerability for the Splunk deployment server. Advisory ID: SVD-2022-0608Pub...

by Motivator in

What is the main difference in Splunk lantern vs Splunk research?

Would like to know what is the main difference in lantern.splunk use case library and research.splunk detections/anal...

by Engager in

SAML Failed to parse issuer

We are running Splunk enterprise 8.2.4 and it has been working fine with SSO authentication until I updated the SSL c...

by Loves-to-Learn Lots in

Improving Your Splunk Security Posture - June 2022 Security Advisory Resources

Looking to improve your security posture and address our June 2022 security advisories? You have come to the right pl...

by Community Manager in

What are the security differences between Splunk Enterprise and Splunk Cloud?

I'd like to know from a security's perspective, what are the differences between Splunk Cloud and Splunk Enterprise v...

by New Member in

Top Labels

access control 99
audit 43
authentication 120
encryption 42
LDAP 36
login 68
Other 206
permissions 76
SAML 32
SSL 94
SSO 32

Get Updates on the Splunk Community!

Security

Discussions

Why are windows UF in Windows Event Log getting this message "Splunk could not get description"?

How to detect password in username field followed by successful logon?

How can we renew this certificate with a third-party signed certificate?

Why is the user shown in the results is not the user who is running the query?

Notable Response Actions -- Is there a way to override the standard Trigger Condition rule?

How to create a WIDS/IDPS/Internet Content Filtering dashboard in Splunk?

Advisory ID: SVD-2022-0608- Is this a customer installable upgrade (to version 9)?

Does Splunk SOAR support mTLS?

How to get a list of users who did not login to splunk indexer for more than 30 days?

Email notifications failing for Splunk ES alerts

Does Splunk Forwarder need an interactive login?

Can't create Splunk On Call trial

Where I can request an annual application security assessment report for Splunk product?

Keycloak SAML configuration shows an invalid request

SAML Authentication: Stuck on Terms of Service Page

What can I do about Splunk's Critical Deployment Server Vulnerability? CVE-2022-32158

What is the main difference in Splunk lantern vs Splunk research?

SAML Failed to parse issuer

Improving Your Splunk Security Posture - June 2022 Security Advisory Resources

What are the security differences between Splunk Enterprise and Splunk Cloud?

Introducing Ingest Actions: Filter, Mask, Route, Repeat

Splunk Forwarders and Forced Time Based Load Balancing

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

SAML IDP certificate has expired, but users can st...

Why does VA scan identify that Splunk uses default...

Why is X509 certificate default using warning?

How to verify a secure connection between the depl...

Is Splunk Enterprise vulnerable CVE-2022-33891 and...