Security

Community Activity

Outbound connections required by splunk Doing some hardening on my splunk and would like to block any outgoing connections not required.Besides DNS as far as... by Harold Observer in Security 04-13-2021 0 2	0	2
Adding Enterprise Security Identity data to a Splunk result set I have a really simple query that I'd like to join with Enterprise Security's Identity data.In this case, simply grab... by cbschreiber Explorer in Security 04-08-2021 0 0	0	0
Not able to configure splunk sso because the Host IP is not 127.0.0.1 Hello,I'm trying to configure splunk sso, but it fails because the splunk web host IP is not 127.0.0.1 and so doesn't... by mary_26 Observer in Security 04-08-2021 0 0	0	0
HTTP 401 -- Unauthorized - API connection error after some requests I have an error in authentication in the API, I do some authentications successfully, but then it gives an error HTTP... by isa_melo Observer in Security 04-07-2021 0 0	0	0
Using Enterprise Security Identity Lookup Fields In SPL Query I have a really simple query that I'd like to join with Enterprise Security's Identity inputlookup and grab a field f... by cbschreiber Explorer in Security 04-07-2021 0 6	0	6
Does any Splunk champ has guidelines on how to prepare a DR & backup plan for Splunk Enterprise & ES? Need steps , guidelines or templates to start writing a Disaster Recovery & backup procedures for Splunk enterprise &... by SamHTexas Builder in Security 04-05-2021 0 0	0	0
User Permissions - Enforce Timezone To avoid any miscommunication between users, I would like to enforce the use of a specific timezone for all users. I ... by w531t4 Path Finder in Security 03-31-2021 0 2	0	2
Creating a custom SOC monitoring dashboard using triggered alerts index=_audit action=alert_fired ss_app="Threats_App"\| eval ttl=expiration-now()\| search ttl>0\| convert ctime(trigger_... by aferns0804 Engager in Security 03-24-2021 0 2	0	2
Moving Splunk to New Server - The WebServer doesn't start I have scoured the forums and checked the web_service.log but I can't seem to be able to figure out what my problem i... by rpearson Explorer in Security 03-24-2021 0 6	0	6
issues with SAML and DUO - not returning groups We have a new Splunk cloud instance and have DUO integrated to Splunk via SAML. Authentication works fine but Splunk ... by cbehr Loves-to-Learn Lots in Security 03-23-2021 0 0	0	0
Search auto canceling When ever I run some query my search is getting auto cancelled. My search head is a single search heard and searchin... by msplunk33 Path Finder in Security 03-21-2021 0 3	0	3
Role Capability to Query Lookup Hello, I am trying to figure out which Role Capability controls being able to use a lookup in a query. If I select ... by dglass0215 Path Finder in Security 03-19-2021 0 6	0	6
Change splunk web server from the default setting of port 8000 to port 8081 How do I change the splunk web server's port 8000 to port 8081? Using port 8080 I can not access the web server, whi... by boris Path Finder in Security 03-18-2021 5 8	5	8
User login Error Users' account is setup properly in Active Directory. They have the appropriate role(s) assigned, but when attemptin... by mercerml New Member in Security 03-18-2021 0 2	0	2
Waiting for web server to be available for over 30 minutes I was having problems with one of my heavy forwarders (splunk 6.6.3) running on Windows 2008, so I noted what inputs ... by reswob4 Builder in Security 03-17-2021 1 17	1	17
Does Splunk latest version (8.1.2) supports on Centos 8 Hi,Can you please let me know, if Splunk latest version (8.1.2) supports/works in Centos 8 in the distributed enviro... by anitha Engager in Security 03-17-2021 0 2	0	2
Data encryption in Splunk Hiwe are using Splunk 7.3.4 , wanted to confirm the data indexed is not encrypted by default by rayar Contributor in Security 03-14-2021 0 1	0	1
When I try to restart the indexer in clustering. I will get bet below error"Web interface does not seem to beavailable" by Dhanaskv Path Finder in Security 03-13-2021 0 1	0	1
How to restrict access to one certain index without changing all the other roles? The use case seems simple enough: Lets say we have index sensitive_data that contains... sensitive data. We want to ... by neiljpeterson Communicator in Security 03-12-2021 2 10	2	10
Set Httponly tag for splunkweb_uid Referring to this question (Not all Splunk cookies have the HttpOnly tag set) , answered by @anaidu_splunk , I can s... by Khairul_Irsyad Loves-to-Learn in Security 03-10-2021 0 0	0	0
Can I get the ES asset lookup to also tag hosts? Hi,We want to be able to tag our host assets to help filter on prod and non-prod environments. We can't use dest beca... by ebs Communicator in Security 03-09-2021 0 1	0	1
Is it possible to use SAML, LDAP and Splunk authentication at the same time? Is it possible to use SAML, LDAP and Splunk authentication at the same time? If yes, which is the order of the authen... by FritzWittwer_ol Contributor in Security 03-08-2021 1 3	1	3
Splunk Cloud Free Trial: certificate verify failed (self signed certificate in certificate chain) error message Hi,I am evaluating Splunk Cloud (Free Trial for now) and running into the problem while submitting logs to HEC: SSL_c... by afsku Engager in Security 03-05-2021 0 0	0	0
search for temporary users in privileged groups How can I create search for temporary users in privileged groups? Domain Admins, Enterprise Admins, Schema Admins, Ac... by brandylee1993 Explorer in Security 03-05-2021 0 1	0	1
Index Routing/Separation Across Multiple VPCs Hello Everyone,I have an environment consisting of three VPC's (say x, y, and z). Each VPC holds Linux, Windows and A... by astackpole Path Finder in Security 03-03-2021 0 4	0	4