Security

Community Activity

Should we run Splunk as root or non-root user? Should we run Splunk as root or non-root user? Which way is better? Thanks -Ha by hadinh Explorer in Security 01-30-2021 7 9	7	9
I've got my data in but I now need to get some good use cases out of the windows log data! Relatively new to splunk but after a few challenges I have my splunk deployment up and running. I've limited this to ... by achauhan2098 Engager in Security 01-28-2021 0 1	0	1
I have this problem to configure Active Directory splunk 8.1.1 Error01-27-2021 08:08:46.410 -0300 WARN ScopedLDAPConnection - strategy="SIEM" LDAP Server returned warning in search... by Elisvan Engager in Security 01-28-2021 0 2	0	2
LDAP Authentication Hello All, first time user in the commnunity. We currently have a number of users in our Splunk environment using loc... by oylkm Explorer in Security 01-27-2021 0 1	0	1
Help with eStreamer and Cisco Hello everyone, Spending a lot of time with set up of eStreamer for a Cisco ASA firewall. Still receiving these erro... by jbender72 Path Finder in Security 01-26-2021 0 1	0	1
Can I give local user authentication priority over LDAP or SAML? Hello. I am configuring SAML. If my SAML configuration fails, I do not want to get locked out. I want to create a loc... by snimesh Explorer in Security 01-25-2021 0 0	0	0
Not able to access Splunk Web after Splunk installation I was trying to install Splunk 6.1.1 in CentOs 6.8. Installation was successful and I was unable to access Splunk web... by V4M51 Engager in Security 01-24-2021 0 13	0	13
redirect loop Greetings. We just upgraded our servers from opensuse 11.3 --> 11.4 (X64) After the upgrade splunk no longer works, ... by isrjo Explorer in Security 01-22-2021 1 3	1	3
Specific Windows Events Only Hey All, Sorry if this has been asked before but I couldnt see the same such post. I want to include some specific w... by achauhan2098 Engager in Security 01-21-2021 0 2	0	2
Splunk admin certification exam. Hi!I have completed both, Splunk system administrator and Splunk data administrator. In order to get a certification,... by Patricio Engager in Security 01-20-2021 0 2	0	2
eStreamer Mystery Cannot Find the Set-Up link Hello,I am trying to install eStreamer eNcore for Splunk. Version 4.0.9 During the set up process I cannot see the ... by jbender72 Path Finder in Security 01-18-2021 0 0	0	0
Is there is a way with Splunk to detect mail messages coming from a specific domain that did not use TLS? ServiceNow add on with splunk does not support forced TLS. So, Is there is a way with Splunk to detect mail messages ... by Koustav2020 New Member in Security 01-17-2021 0 0	0	0
Splunk Remote Login Issue Hello, I am running a Splunk Server on a windows VM. A few weeks ago Splunk was ungracefully shut off (Windows Server... by Marco Communicator in Security 01-15-2021 0 2	0	2
Splunk Related powershell scripts Our Endpoint protection is blocking multiple powershell scripts that seem related to Splunk.Can anyone explain what t... by Elky Engager in Security 01-14-2021 0 1	0	1
Error connecting: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed when 'Browse More Apps' Error connecting: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed - please check th... by nivan Engager in Security 01-09-2021 1 3	1	3
Monitoring for Emails Sent Externally Hello, I am looking for assistance developing a Splunk query that will display all users within my organization that ... by ccolbert Engager in Security 01-08-2021 0 1	0	1
Private KO Access Post SAML Implimentation What happens to privately owned knowledge objects when the Splunk authentication method is switched from Native Splun... by Ed11375 Explorer in Security 01-08-2021 0 0	0	0
My splunk web server is not loading........It happens with my search peers when i m doing index clustering Everytime when i configure do Index clustering the peer nodes work fine.When next day I try to open my peer nodes web... by Sabareesh Observer in Security 01-06-2021 0 7	0	7
Splunk Enterprise notables generated after 10hours Hello, In splunk Enterprise Has anyone experienced cases where notable events are generated after 10+hrs the trigger ... by rsawant2085 Engager in Security 01-06-2021 0 1	0	1
app or macro to summarize unix user and group permissions We are indexing the unix /etc/passwd /etc/group and /etc/sudoers in splunk. Now we have to create reports and dashboa... by wfskmoney Path Finder in Security 12-24-2020 0 8	0	8
Best option to filter data by user in data model accelerate Hello!! I have a question about how to do something.Within an index I have a field called entity, this corresponds to... by DaniloMejia Explorer in Security 12-24-2020 0 4	0	4
Remove Security Essentials How do I remove the Security Essentials app? Just remove the directory from apps/ on the search head? by mikefg Communicator in Security 12-23-2020 0 2	0	2
SE-IncidentReviewDashboard- Need metrics of Notables by Investigation Options In Splunk Enterprise Security , Incident Review Dashboard , I am adding 2 different Investigation Option to the notab... by vn_g Path Finder in Security 12-22-2020 0 0	0	0
Cluster Licensing and Monitoring Dashboard Permissions Required to View I have Splunk 8.0.5:One cluster masterOne Search headTwo indexers to host clustered indexesI am logged into the UI o... by shocko Contributor in Security 12-21-2020 0 5	0	5
Read Access to Logs for Splunk ID on AIX Hi Team,We need your help related to file permission. We are installing the spunk agent on the AIX servers to read th... by sewabal Observer in Security 12-21-2020 0 0	0	0