Security

Community Activity

bin directory has been deleted HI By mistake bin folder was deleted on one of the indexer.Is there any way to get it back. We dont have backup for ... by nagamadhupriyan Loves-to-Learn Lots in Security 08-24-2020 0 4	0	4
API Token authentication Hi ,am trying to access : curl -k https://localhost:8089/services/auth/login -d username=admin -d password=foobarhttp... by Rdoggala Loves-to-Learn Lots in Security 08-23-2020 0 10	0	10
Browser type Display issues with Useragent I have a query which is giving me different types of browser stats but when I try to display that in a pie chart it s... by puneetkharband1 Path Finder in Security 08-22-2020 1 3	1	3
Splunk Enterprise integration with Multiple AzureAD for AUthentication Hi Experts...We have a requirement where we need to integrate Multiple Azure AD with Splunk Enterprise for Authentica... by shwetas Explorer in Security 08-19-2020 0 0	0	0
Creating new CSR unable to find shared library libssl.so.0.9.8 I am try to generate a CSR on CentOS 6 based on the Splunk admin documentation for "Generate a CSR". I used the follo... by jason_hubbard Path Finder in Security 08-18-2020 1 6	1	6
What is N/A in the user field? I issued this search: index="_audit" \| top user limit="1000" attempting to see the users on my system. Some of the ou... by IT_Bullgod Splunk Employee in Security 08-17-2020 1 2	1	2
Traking every configurations on SPLUNK instances (SH, IX, UF) Hello, I need your recommandations and your advices about the configurations for tracking the changements and the mod... by Nessrine Loves-to-Learn in Security 08-14-2020 0 4	0	4
Having Difficulty with SSL certs - Splunk 8 on prem Hello, and thanks for reading this.Having issues with securing the web site for our on-prem Splunk 8 Enterprise insta... by BrianS Observer in Security 08-14-2020 0 4	0	4
Use case to detect malicious activity in Splunk indexer which is in a weak network Hi All,kindly give your thoughts on below questions.1.How to create high level use case to detect malicious activity ... by Aleena Explorer in Security 08-13-2020 0 5	0	5
Certification: do i need to attend official Splunk courses ? Hello Team, Are the official Splunk courses the only way to get certified ?For example:https://www.splunk.com/en_us/t... by teknet9 Path Finder in Security 08-13-2020 0 7	0	7
AWS Splunk App Security Group Dashboard Hello All,I'm utilizing the Splunk App for AWS to capture data and represent them into easily identifiable dashboards... by nathanr123 New Member in Security 08-12-2020 0 0	0	0
encryption data in transit and stored Hi i'm newWhen the information is in transit, for example from a forwarder to the indexer, do you have any type of en... by splunkcol Builder in Security 08-10-2020 0 1	0	1
Splunk ES 7.2.1 SSL Certificates Details Hello!In my org currently, we have open SSL certs so we are going to self-signed certs or trusted certs going to inst... by phanichintha Path Finder in Security 08-10-2020 0 3	0	3
Role to only upload data file via the GUI Hello,I need a restrict role for only upload data file.I add this capability :edit_monitor - Required to make the "Ad... by Alaza Explorer in Security 08-07-2020 0 3	0	3
Server.conf allowRemoteLogin set to never, but splunk server still allows remote login? I want to stop all remote logins to a Splunk server. To do this, I added the following to /etc/system/local/server.co... by dtrelford Path Finder in Security 08-07-2020 0 6	0	6
Splunk Role Management - Disabling Roles in authorize.conf We are using v8.0.4 of Splunk Enterpise. In our authorize.conf I see roles are disabled. Examples:[role_sec_power_use... by brdr Contributor in Security 08-06-2020 0 2	0	2
Undefined user in splunk http://localhost:8000/en-GB/splunkd/__raw/services/authentication/users/undefined Hi,There is issue in version 8.0.4.1 with user cookie/session being broken. Whenever I load Splunk, I do receive 404 ... by seva98 Path Finder in Security 08-06-2020 0 0	0	0
LDAP Search / Active Directory App Monitor Changes How can I use Splunk to alert / run reports on group member changes?Currently I have something I wrote that reads gro... by ntripp_element Explorer in Security 08-05-2020 0 4	0	4
although i can login to splunk web inside installation machin, cant remotely connect to splunk web interface I installed splunk on a centos 8 machin firewall-cmd allowed port 8000, 8089, 80, 443, 9997 etc. i can login to splun... by mpmalasd Engager in Security 08-03-2020 0 2	0	2
AWS CloudTrial events - searching on specific AWS accounts - ARN's Hi, I am attempting to update a notable.The notable allows us to identify if a AWS new user has been created via a AP... by Thundercat Engager in Security 07-30-2020 0 0	0	0
How to change back license group from enterprise license to forwarder license? Hi everyone, I'm a total Splunk noob. The title basically says it all. I recently changed the group from enterprise ... by mysicksi Path Finder in Security 07-30-2020 0 2	0	2
Cpes to maintain Splunk certs? How many cpes and what type are required to maintain Splunk certifications? I have a Splunk User cert and need to kno... by Jbmwk75 New Member in Security 07-26-2020 0 1	0	1
ERROR TcpInputProc - Could not bind to port IPv4 port 8002 Hi guysi am getting below error for an 8002 input streaming for checkpoint logging.Can you suggest how can i resolve ... by Anand_Annamalai Explorer in Security 07-24-2020 0 7	0	7
Search Unique Source IPs Associated with 10+ Unique Destination IPs Hi all I’m new to Splunk so forgive my ignorance. We’re currently using Splunk as a SIEM and I’m having trouble gett... by ltcsecurity Observer in Security 07-24-2020 0 1	0	1
SAML RealName Alias I have my Search Head Cluster authentication working with SAML intergration with our IdP. But currently our IdP send... by thormanrd Path Finder in Security 07-23-2020 1 2	1	2