Security

Community Activity

What is N/A in the user field? I issued this search: index="_audit" \| top user limit="1000" attempting to see the users on my system. Some of the ou... by IT_Bullgod Splunk Employee in Security 08-17-2020 1 2	1	2
Traking every configurations on SPLUNK instances (SH, IX, UF) Hello, I need your recommandations and your advices about the configurations for tracking the changements and the mod... by Nessrine Loves-to-Learn in Security 08-14-2020 0 4	0	4
Having Difficulty with SSL certs - Splunk 8 on prem Hello, and thanks for reading this.Having issues with securing the web site for our on-prem Splunk 8 Enterprise insta... by BrianS Observer in Security 08-14-2020 0 4	0	4
Use case to detect malicious activity in Splunk indexer which is in a weak network Hi All,kindly give your thoughts on below questions.1.How to create high level use case to detect malicious activity ... by Aleena Explorer in Security 08-13-2020 0 5	0	5
Certification: do i need to attend official Splunk courses ? Hello Team, Are the official Splunk courses the only way to get certified ?For example:https://www.splunk.com/en_us/t... by teknet9 Path Finder in Security 08-13-2020 0 7	0	7
AWS Splunk App Security Group Dashboard Hello All,I'm utilizing the Splunk App for AWS to capture data and represent them into easily identifiable dashboards... by nathanr123 New Member in Security 08-12-2020 0 0	0	0
encryption data in transit and stored Hi i'm newWhen the information is in transit, for example from a forwarder to the indexer, do you have any type of en... by splunkcol Builder in Security 08-10-2020 0 1	0	1
Splunk ES 7.2.1 SSL Certificates Details Hello!In my org currently, we have open SSL certs so we are going to self-signed certs or trusted certs going to inst... by phanichintha Path Finder in Security 08-10-2020 0 3	0	3
Role to only upload data file via the GUI Hello,I need a restrict role for only upload data file.I add this capability :edit_monitor - Required to make the "Ad... by Alaza Explorer in Security 08-07-2020 0 3	0	3
Server.conf allowRemoteLogin set to never, but splunk server still allows remote login? I want to stop all remote logins to a Splunk server. To do this, I added the following to /etc/system/local/server.co... by dtrelford Path Finder in Security 08-07-2020 0 6	0	6
Splunk Role Management - Disabling Roles in authorize.conf We are using v8.0.4 of Splunk Enterpise. In our authorize.conf I see roles are disabled. Examples:[role_sec_power_use... by brdr Contributor in Security 08-06-2020 0 2	0	2
Undefined user in splunk http://localhost:8000/en-GB/splunkd/__raw/services/authentication/users/undefined Hi,There is issue in version 8.0.4.1 with user cookie/session being broken. Whenever I load Splunk, I do receive 404 ... by seva98 Path Finder in Security 08-06-2020 0 0	0	0
LDAP Search / Active Directory App Monitor Changes How can I use Splunk to alert / run reports on group member changes?Currently I have something I wrote that reads gro... by ntripp_element Explorer in Security 08-05-2020 0 4	0	4
although i can login to splunk web inside installation machin, cant remotely connect to splunk web interface I installed splunk on a centos 8 machin firewall-cmd allowed port 8000, 8089, 80, 443, 9997 etc. i can login to splun... by mpmalasd Engager in Security 08-03-2020 0 2	0	2
AWS CloudTrial events - searching on specific AWS accounts - ARN's Hi, I am attempting to update a notable.The notable allows us to identify if a AWS new user has been created via a AP... by Thundercat Engager in Security 07-30-2020 0 0	0	0
How to change back license group from enterprise license to forwarder license? Hi everyone, I'm a total Splunk noob. The title basically says it all. I recently changed the group from enterprise ... by mysicksi Path Finder in Security 07-30-2020 0 2	0	2
Cpes to maintain Splunk certs? How many cpes and what type are required to maintain Splunk certifications? I have a Splunk User cert and need to kno... by Jbmwk75 New Member in Security 07-26-2020 0 1	0	1
ERROR TcpInputProc - Could not bind to port IPv4 port 8002 Hi guysi am getting below error for an 8002 input streaming for checkpoint logging.Can you suggest how can i resolve ... by Anand_Annamalai Explorer in Security 07-24-2020 0 7	0	7
Search Unique Source IPs Associated with 10+ Unique Destination IPs Hi all I’m new to Splunk so forgive my ignorance. We’re currently using Splunk as a SIEM and I’m having trouble gett... by ltcsecurity Observer in Security 07-24-2020 0 1	0	1
SAML RealName Alias I have my Search Head Cluster authentication working with SAML intergration with our IdP. But currently our IdP send... by thormanrd Path Finder in Security 07-23-2020 1 2	1	2
Does Splunk Cloud support DUO two factor authentication? Does Splunk Cloud support DUO two factor authentication? I am a cloud customer who is also a duo customer. I do not... by dschneider Engager in Security 07-21-2020 1 9	1	9
Which users use the REST API? We are planning to move to SAML SSO soon. One of the drawbacks of SAML is that you cannot authenticate on the API any... by twinspop Influencer in Security 07-20-2020 0 3	0	3
Splunk SAML with Gsuite error 'No Arguments found' I am trying to setup Gsuite SAML for Splunk. I followed the steps mentioned in this link: https://clevertap.com/blog... by nikhils5501 Loves-to-Learn Lots in Security 07-20-2020 0 2	0	2
Authenication datamodel to identify when a 'breakglass' accounts has been successfully authenticated Hi All,Thanks for taking the time to review this message.I attempting to create a Splunk notable that will allow me t... by Thundercat Engager in Security 07-16-2020 0 2	0	2
Script out Deployment Client Removal? When I look in the deploymentserver web interface, I see some Deployment Clients listed that I want to remove. Is it ... by muebel SplunkTrust in Security 07-14-2020 0 2	0	2