Security

Community Activity
brreeves_splunk
I originally configured my SAML authentication with a NameID that was a GUID. We noticed that they were randomly gene...
by brreeves_splunk Splunk Employee in Security 10-28-2024
0 11
m_tanaka
In my environment, Palo Alto (proxy) logs are being stored into Splunk. I want to know what kind of operation on a ser...
by m_tanaka Explorer in Security 10-28-2024
1 4
MOR09
Hey. I'm trying to add the "Drilldown" and "Contributing Events" to our Splunk notables. I have added to this parameter...
by MOR09 Engager in Security 10-16-2024
1 1
yangban
Hi, all the splunk gurus out there. Recently we added a new role and we couldn't see the users with the role when lo...
by yangban Explorer in Security 10-14-2024
1 7
TiagoTLD3
Hello! Since 7.3.0 I'm seeing the reload process for assets and identities failing frequently. Any ideas? RROR pid=20...
by TiagoTLD3 Engager in Security 10-10-2024
0 1
darwincharle
Hello, today I am asking for your help. I downloaded the Splunk VMware image to try it out and see how it works, but not...
by darwincharle New Member in Security 10-09-2024
0 1
super_edition
Hello Everyone, I have the following Splunk query, which I am trying to build for a dropdown in a dashboard. Basically 2 dropd...
by super_edition Path Finder in Security 10-07-2024
0 5
SplunkDash
Hello, is it possible to create a HEC token from the CLI of a Linux host? Any recommendations how to create HEC token fro...
by SplunkDash Motivator in Security 10-03-2024
0 3
gschleusener
Hi, I can see Splunk is vulnerable to openssl 1.0.2zk, I've applied the latest 9.2.2 on Splunk Enterprise and the Univ...
by gschleusener Engager in Security 10-02-2024
1 4
dude49
My linux_audit logs increased after updating apps and causing license manager to go over limit. Anyone know a fix for...
by dude49 Explorer in Security 09-30-2024
0 4
Siddharthnegi
Hi, I want to extract the highlighted part: Sep 24 10:43:25 10.82.10.245 [S=217] [BID=d57afa:30] RAISE-ALARM:acProxyConnecti...
by Siddharthnegi Contributor in Security 09-28-2024
0 2
rupert
After I updated the add-on to 6.3.x I am not able to create or update account setting under account type Tenable.sc c...
by rupert Engager in Security 09-26-2024
0 2
tsondo
Greetings, We started seeing OpenSSL vulnerabilities on all of our Splunk forwarders and the main engine this week. T...
by tsondo Explorer in Security 09-26-2024
0 23
scr1biddies
Hi, this is my 1st post, I'm a newbie Splunker. I have a case from my clients so, the Splunk is running with LB follo...
by scr1biddies Loves-to-Learn Lots in Security 09-26-2024
0 8
Siddharthnegi
Hi, I want to extract the highlighted part: Sep 24 10:43:25 10.82.10.245 [S=217] [BID=d57afa:30] RAISE-ALARM:acProxyConnecti...
by Siddharthnegi Contributor in Security 09-24-2024
0 2
ejohns
I'm trying to build a Local Attack Range but it fails when it tries to restart the splunk.service. The Splunk instanc...
by ejohns Loves-to-Learn in Security 09-23-2024
0 3
spisiakmi
Hi can anybody help with this problem, please? source1: lookup Tab (lookup.csv) att1 att2 att3 F1 1100 12.09.2024 F...
by spisiakmi Contributor in Security 09-19-2024
0 4
arunkuriakose
We have two separate Splunk instances with ES (standalone, not clustered). Consider it as a HO DR. When I try to move ...
by arunkuriakose Explorer in Security 09-18-2024
0 1
vnguyen46
Hi - I just installed Splunk latest version 7.3.2. It went well, but from the website, I can't login with admin/chang...
by vnguyen46 Contributor in Security 09-14-2024
0 4
gpinedo
How does Splunk AI assistant keep customer data confidential?
by gpinedo Splunk Employee in Security 09-12-2024
0 2
jmartens
We have enabled Microsoft SAML for Splunk and our splunkd.log seems to be flooded with warnings like this: WARN UserMa...
by jmartens Path Finder in Security 09-09-2024
0 8
tringener
After creating a new LDAP strategy and entering all required information I get an error when saving. Entry not saved, ...
by tringener Explorer in Security 09-03-2024
0 2
VijaySrrie
Hi Team, We could see latency in logs. Log ingestion via - syslog Network devices --> Syslog server --> splunk Using be...
by VijaySrrie Builder in Security 08-28-2024
0 2
hmallett
I have been using Splunk for a few months, and now have a number of eventtypes defined. However, they've all got priv...
by hmallett Path Finder in Security 08-22-2024
2 3
tengugurl1
Hi! The log in question reads as: HTTP/1.1" 200 365 3 in our Splunk, we don't have a "HTTP status" field to pivot off o...
by tengugurl1 Engager in Security 08-21-2024
0 1