Security

Community Activity

What are the ways to create AWS asset DB in splunk cloud? please suggest multiple approaches that you come across We totally have 150+ account that we are currently wanted to create an asset DB to integrate with threat intel. pleas... by archestain Explorer in Security 05-07-2021 0 0	0	0
Indexer forwarder ssl communication CRL not used Hi guys.I have a problem with certificate revocation on Splunk forwarder.Description:There are 3 VM with Red Hat:Cert... by Roman_Micek Engager in Security 05-04-2021 0 2	0	2
Unable to update apps via "install app from file" or "update" Hi, I am trying to update a app in our splunk environment, when i click on "install app from file" it gives a 500 err... by SS1 Path Finder in Security 05-03-2021 0 2	0	2
Monitor TCP port 80 in a PC (HOME) I am new to Splunk and I am going to create data input of monitoring TCP packet to/from my laptopI have already insta... by a1697115 New Member in Security 05-03-2021 0 1	0	1
server.conf crossOriginSharingPolicy url format I'm trying to set up some HTTP Origins for which to return Access-Control-Allow-* (CORS) headers. According to the Sp... by BernardEAI Communicator in Security 04-30-2021 0 1	0	1
Receiving Data on Splunk Server I am unable to receive data from the forwarder to the server However I have added the serveron server I gotnetstat -... by AmyShah Loves-to-Learn in Security 04-29-2021 0 1	0	1
Disable URL https://splunk:port/en-US/account/login?loginType=splunk Is there a way to allow the Splunk login only for the authtype!=Splunk. I know that I have to specify authtype=SAML o... by mielkea Engager in Security 04-28-2021 0 1	0	1
updating Linux OS version will not affect Splunk operations Greetings!! Updating Linux OS version(Centos) will not affect Splunk operations? I want to update my OS to the lates... by pacifikn Communicator in Security 04-28-2021 0 3	0	3
Retention period in GUI? Hello, I am novice at best when it comes to Splunk administration. Running Splunk Enterprise through AWS on a Linux i... by eroemisch New Member in Security 04-27-2021 0 4	0	4
Setup SSL from UF to both Indexer and Deployment Server Hi , I need to setup SSL for all my UF communicate securely both with my indexer and deployment server. I have gone t... by sombhtr239 Explorer in Security 04-26-2021 0 0	0	0
Browse More Apps: not a valid option(s) for version Dear Splunk community,I am having problems browsing for more apps in my Splunk installation as I am receiving the fol... by Alexander New Member in Security 04-19-2021 0 2	0	2
SAML Integration issue Hi,we tried to integrate our splunk Search head with SAML authentication, but we got the error of saml response does ... by islam Explorer in Security 04-14-2021 0 0	0	0
Outbound connections required by splunk Doing some hardening on my splunk and would like to block any outgoing connections not required.Besides DNS as far as... by Harold Observer in Security 04-13-2021 0 2	0	2
Adding Enterprise Security Identity data to a Splunk result set I have a really simple query that I'd like to join with Enterprise Security's Identity data.In this case, simply grab... by cbschreiber Explorer in Security 04-08-2021 0 0	0	0
Not able to configure splunk sso because the Host IP is not 127.0.0.1 Hello,I'm trying to configure splunk sso, but it fails because the splunk web host IP is not 127.0.0.1 and so doesn't... by mary_26 Observer in Security 04-08-2021 0 0	0	0
HTTP 401 -- Unauthorized - API connection error after some requests I have an error in authentication in the API, I do some authentications successfully, but then it gives an error HTTP... by isa_melo Observer in Security 04-07-2021 0 0	0	0
Using Enterprise Security Identity Lookup Fields In SPL Query I have a really simple query that I'd like to join with Enterprise Security's Identity inputlookup and grab a field f... by cbschreiber Explorer in Security 04-07-2021 0 6	0	6
Does any Splunk champ has guidelines on how to prepare a DR & backup plan for Splunk Enterprise & ES? Need steps , guidelines or templates to start writing a Disaster Recovery & backup procedures for Splunk enterprise &... by SamHTexas Builder in Security 04-05-2021 0 0	0	0
User Permissions - Enforce Timezone To avoid any miscommunication between users, I would like to enforce the use of a specific timezone for all users. I ... by w531t4 Path Finder in Security 03-31-2021 0 2	0	2
Creating a custom SOC monitoring dashboard using triggered alerts index=_audit action=alert_fired ss_app="Threats_App"\| eval ttl=expiration-now()\| search ttl>0\| convert ctime(trigger_... by aferns0804 Engager in Security 03-24-2021 0 2	0	2
Moving Splunk to New Server - The WebServer doesn't start I have scoured the forums and checked the web_service.log but I can't seem to be able to figure out what my problem i... by rpearson Explorer in Security 03-24-2021 0 6	0	6
issues with SAML and DUO - not returning groups We have a new Splunk cloud instance and have DUO integrated to Splunk via SAML. Authentication works fine but Splunk ... by cbehr Loves-to-Learn Lots in Security 03-23-2021 0 0	0	0
Search auto canceling When ever I run some query my search is getting auto cancelled. My search head is a single search heard and searchin... by msplunk33 Path Finder in Security 03-21-2021 0 3	0	3
Role Capability to Query Lookup Hello, I am trying to figure out which Role Capability controls being able to use a lookup in a query. If I select ... by dglass0215 Path Finder in Security 03-19-2021 0 6	0	6
Change splunk web server from the default setting of port 8000 to port 8081 How do I change the splunk web server's port 8000 to port 8081? Using port 8080 I can not access the web server, whi... by boris Path Finder in Security 03-18-2021 5 8	5	8