Security

Community Activity

Splunk CLI returns "Action forbidden" I can query my Splunk instance using CLI with the following command: /opt/splunk/bin/./splunk search 'index=* host=* ... by busyninja Explorer in Security 07-08-2021 0 11	0	11
Distance between two or more Geolocations (Lat, Lon,) I'm have a search that pulls in user login info with lat and lon. I'm trying to calculate the distance between two co... by Bryon_bowman Explorer in Security 07-07-2021 0 4	0	4
Can Splunk increase the security strength of its default SSL certificates for inter-Splunk communication? According to the Splunk documentation the recommendation is to use the default certificates provided by Splunk for in... by sjaworski Communicator in Security 07-07-2021 1 4	1	4
domain account search using csv and event id Hi, i have been looking but cant seem to make much sense of it all.im new to splunk. im trying to create a search and... by japonter Explorer in Security 07-06-2021 0 2	0	2
How to track a specific user login and logoff the past 30 days Please excuse my lack of knowledge with Splunk but I need to track a user by login/logoff for the past 30 days. I lo... by twinsound New Member in Security 07-02-2021 0 11	0	11
How to Store User User Password with setup page Hi community,I have the need to store encrypted password used in a python script.I've created the app with its setup.... by martaBenedetti Path Finder in Security 06-30-2021 0 3	0	3
Bypassing Splunk Authentication to load dashboards Hi, I would like to embed Splunk as an iframe in my we application. Here we need to load Splunk dashboard on load of... by Arun_N_007 Communicator in Security 06-28-2021 0 10	0	10
Is Splunk or Ent. Security able to detect attacks by rogue systems or Artificially Intelligent enabled Server? Is Splunk Enterprise or Splunk Ent. Security (ES) able to detect attacks by rogue systems or Artificially Intelligent... by SamHTexas Builder in Security 06-27-2021 0 1	0	1
Can't access to my Splunk cloud instance I see my instance in the "instance" section under my profile, but when I hit "Access instance" button, it takes me to... by jmauleon New Member in Security 06-24-2021 0 9	0	9
How to add edit_sourcetypes to sc_admin We want to disable Power Users from editing source types but still allow sc_admin the capability. We unchecked the ed... by edgarrity Path Finder in Security 06-24-2021 0 2	0	2
Multiple certificates in receiving port 9997 Hi, We are using self-signed certs for connection between HF and UF for receiving data on HF on port 9997. Now we nee... by payl_chdhry Path Finder in Security 06-23-2021 0 0	0	0
For federated searches is the data being encrypted between the splunk deployments? I'm wondering if the data that is being returned for a federated search is encrypted or not. Also is it possible to e... by klim Path Finder in Security 06-21-2021 0 0	0	0
Restrict Index access Hi. We are looking to restrict access to just a few of our many indexes in Splunk. In the Role rights under Access ... by Sqig Path Finder in Security 06-21-2021 1 10	1	10
Authenticate splunk web endpoint Hi All,I'm developing an application that exposes a rest endpoint. Besides that, I exposed this endpoint in splunk we... by osvaldo_pina Loves-to-Learn Lots in Security 06-18-2021 0 0	0	0
Scanning Hello Splunk Community!I am brand new to Splunk and all it's glory and I've been tasked to try and show what is curre... by InqPrice New Member in Security 06-17-2021 0 1	0	1
Splunk SIEM license Hello,I have PoC. I wonder where I could find the documentation and videos about installation, administration, syste... by Nikolozts Explorer in Security 06-17-2021 0 4	0	4
Indexer cluster - splunk offline taking excessive time I am in the process of doing some maintenance on my indexer cluster (1 cluster master, 2 peer indexers).I put my clu... by mike_k Path Finder in Security 06-16-2021 0 2	0	2
Updating expired Server.pem We have a distributed Splunk enterprise deployment with the following separate components:1 Search HeadAn Indexer clu... by mike_k Path Finder in Security 06-16-2021 0 3	0	3
How to capture attack signature of Symantec EPO server in Splunk? Hi Team,I need to create a use case with the field "attack signature" from Symantec logs. i already have Symantec log... by Aleena Explorer in Security 06-15-2021 0 4	0	4
View only User Hello Splunkys,i read this post Link on the Splunk Forum. I created a App and it only contains 1 dashboard. I create ... by florianhh Explorer in Security 06-15-2021 0 3	0	3
How to extract complete string using regular expression Hi TEamI have the below data in the logs how can i extract the complete string using regular expression . 4678-busine... by Nith1 Path Finder in Security 06-15-2021 0 2	0	2
User logged in having DBA privileges Hi, Please could you help me to create the below use case in splunk. 1) User logged in having DBA privileges 2) Admi... by vikkysplunk Path Finder in Security 06-14-2021 0 4	0	4
Squid reverse proxy Hello All,Please can someone help me on How to set up a reverse proxy that publishes Splunk web in a virtual director... by Shreya New Member in Security 06-11-2021 0 0	0	0
How do I search for unwanted user account or saved searches added by Hackers in Splunk Ent. / ES How do I search for unwanted user account or saved searches added by Hackers in Splunk Ent. / ES by SamHTexas Builder in Security 06-11-2021 0 1	0	1
SAML authentication default role We are using Google Suite based SAML app to setup SSO with Splunk Cloud. As per https://www.youtube.com/watch?v=joMR... by hifimarko Engager in Security 06-10-2021 0 1	0	1