Security

Community Activity

Splunk independent stream Forwarder Hi All, How would capture the netflows from different switces in different network zones. I have deployed Independen... by sa20089562 New Member in Security 07-11-2020 0 1	0	1
Permissions to change the role of admin users in Splunk Console I am an admin user in the Splunk console on prem, and I was going to update the roles of certain admin users from adm... by splunkceh Engager in Security 07-10-2020 0 2	0	2
Securing Splunk Cloud I've found that for Splunk Enterprise, there is the Securing Splunk Enterprise document, outlining recommended securi... by TechSec Engager in Security 07-10-2020 0 2	0	2
Alert Triggers, can I have more than one of a certain trigger type? Greetings,I'm setting up an alert and I noticed that for each alert trigger, only 1 of each trigger type is allowed. ... by chris94089 Path Finder in Security 07-09-2020 0 1	0	1
ISP of blocked IP address Splunk Query for adding a column for ISP of blocked IP address? Thank you, by ephrem3232 Explorer in Security 07-06-2020 0 5	0	5
search head auth reload We are running Splunk Version 6.3 and are using LDAP to manage authentication. We need to run "auth reload" after ne... by judyhuang Explorer in Security 07-03-2020 0 7	0	7
Which member to remove user folder from when removing a LDAP user from SH cluster Following the best practices for removing an LDAP user I am at the stage where I want to remove the $HOME/splunk/etc... by a_kearney Path Finder in Security 06-30-2020 0 0	0	0
Some splunk users not found/searchable from Access Control We see inconsistent response in the UI (settings --> Users and Authentication --> access control --> users). Some use... by sylim_splunk Splunk Employee in Security 06-29-2020 0 1	0	1
Frequent Disk Space Issue - Service ECM Incidents Hello All,We do have an centralized syslog receiver named "spl-fwdser" which receives the logs from various devices a... by mailmetoramu Explorer in Security 06-29-2020 0 1	0	1
How to create an admin-read-only role? I have an admin-in-training, that requires access to see everything but NO access to change anything.I am on version ... by Glasses Builder in Security 06-29-2020 0 3	0	3
Query for any suspicious IP address I'm looking for a splunk query for any suspicious IP address associated with an IP range that was already blocked in ... by ephrem3232 Explorer in Security 06-26-2020 0 1	0	1
Create a read only lookup table I have a user which needs to be able to write one specific lookup table which has to be shared globally. I have to co... by FritzWittwer Path Finder in Security 06-25-2020 0 0	0	0
How to configure Splunk Enterprise in front of AWS ELB instance We have deployed Splunk Enterprise on an EC2 instance behind a classic ELB in AWS with HTTPS enabled (screenshots att... by fman82 Explorer in Security 06-24-2020 0 4	0	4
Splunk 7.3.0 : Possibility of SplunkSearchHead not cleaning the jobs in dispatch directory. Observation:Suddenly the SplunkSearchHead stopped cleaning the jobs in dispatch directory (/opt/splunk/var/run/splunk... by Saravanakumar Observer in Security 06-22-2020 0 0	0	0
Splunk 7.3.0 : Nessus scan vulnerability reported on splunk ports ObservationThe Nessus scan detected few certificate errors on the Splunk ports 8089 (management port), 8000(web-UI) a... by Saravanakumar Observer in Security 06-22-2020 0 0	0	0
sso setup When going through the SAML CONFIGURATION SETUP on splunk enterprise is the ENTITY ID a field that I can put anything... by verifi81 Path Finder in Security 06-19-2020 0 0	0	0
Email for a list of security questions Hello,My company is one of Splunk partners, and our security team has several simple questions regarding Splunk Enter... by denys_k Explorer in Security 06-19-2020 0 3	0	3
Shannon Entropy for DNS domains Hi all, can you please help meI am calculating Shannon Entropy values for domains from single index and have two ques... by me74fhfd Path Finder in Security 06-18-2020 0 0	0	0
LDAP to Office365 For Splunk Cloud, I would like to enable user login to leverage LDAP to our Office365 but I am struggling to find the... by OchinDave Engager in Security 06-16-2020 1 0	1	0
db_connect v3 cannot delete inputs when using SAML WARN UserManagerPro - AQR not supported and user=username@domain.com information not found in cache or 404 User not f... by duneclarke2 Explorer in Security 06-16-2020 2 0	2	0
Possible bug with changing permission on source based field extraction Hello, I just ran into the issue that I couldn't change the permission of a source based field extraction via GUI on ... by knielsen Contributor in Security 06-15-2020 1 5	1	5
Error in removing insecure TLS cipher suites in indexpeer replication Hi, I want to remove insecure tls cipher suites from indexpeer replication. The default setting in server.conf/[sslCo... by WurschtHans Engager in Security 06-15-2020 0 7	0	7
Unhash password found on Slave-apps Hi Team, We had an app for called "org_full_license_server_ssl" and it contains a server.conf This server.conf has a... by jaracan Communicator in Security 06-14-2020 0 5	0	5
errormessage "JSON file contents not available." when configure DM in different apps Hi all, I want to configure a Datamodel in different apps. On app should define the datamodel (here search). The sec... by schose Builder in Security 06-11-2020 0 2	0	2
Activity Triggered Alerts and the results can be see by other users who does not have privileges. Splunk EnterpriseList of jobs in Activity >> Triggered Alerts are visible and the results also can be see by other us... by bhupalbobbadi Path Finder in Security 06-10-2020 0 0	0	0