Security

Community Activity

Example of a batch file write to system32 use case? Does anyone have examples of how to use Splunk to check for batch files written to the Windows system directory? by adukes_splunk Splunk Employee in Security 10-25-2019 0 2	0	2
Example of activity from an expired user? Does anyone have examples of how to use Splunk to check for activity from expired users? by adukes_splunk Splunk Employee in Security 10-25-2019 0 2	0	2
Recover Splunk certifies with the number Is it possible to retrieve a certificate donde in the past? I have a certification as Power User and also as Splunk A... by Carlosbbm New Member in Security 10-24-2019 0 2	0	2
Example of new users taking privileged actions? Does anyone have examples of how to use Splunk to check for new users taking privileged actions? by adukes_splunk Splunk Employee in Security 10-24-2019 0 2	0	2
Example of a prohibited process detected use case? Does anyone have examples of how to use Splunk to check for a prohibited process? by adukes_splunk Splunk Employee in Security 10-24-2019 0 2	0	2
Splunk SDK user access permissions required I've had a couple of python scripts that use the sdk to pull search results running for a couple of years. This week... by reswob4 Builder in Security 10-24-2019 0 0	0	0
Custom authentication.conf for Search Head Cluster Hi, Version - Splunk v7.1.0 Component - Search Head Cluster Background - in our organization, we are using Splunk I... by dustymehul Explorer in Security 10-24-2019 0 1	0	1
ERROR [Errno 111] Connection refused while sending mail to: We are running splunk 4.2.3 on RHEL 5.I am scheduling a job in windows app and email the results to my email id but i... by npandith Explorer in Security 10-23-2019 1 3	1	3
Splunk User Role: How to choose a particular app as default when I login? I logged in to Splunk web URL and i see many Apps , how can i make one app as default so when i login I don't need to... by vijaychandra24 New Member in Security 10-22-2019 0 2	0	2
'Configure Splunk forwarding to use your own certificates' possible documentation error Hi, I'm trying to configure Splunk forwarders and indexers to use our own certificates and while checking the docume... by jorcabro Explorer in Security 10-22-2019 1 2	1	2
Specific Wineventlog (Security) ingestion into Splunk Hi Team, Currently we are ingesting all data from wineventlog Security, Application & System from all Windows Client... by anandhalagarasa Path Finder in Security 10-21-2019 1 2	1	2
Monitor Role Changes in _Audit Trail Audit:[timestamp=10-29-2017 15:55:70.674, user=bob@bob.com, action=edit_user, info=granted object="jerry@jerry.com" o... by lathwal Engager in Security 10-17-2019 4 2	4	2
SSO setup problems Hi all, we are trying to get SSO working through the SAML authentication method but are running into errors that we ... by srichansen Path Finder in Security 10-17-2019 0 3	0	3
Example of web uploads by a user to non-corporate sites use case? Does anyone have examples of how to use Splunk to check for high volume web uploads by a user to non-corporate domain... by adukes_splunk Splunk Employee in Security 10-16-2019 0 2	0	2
Detect installed Firefox extensions Hello, I wanted to reach out to the community to see how users are detecting Firefox extensions that users are insta... by santoshpaga New Member in Security 10-15-2019 0 0	0	0
Proxying issues Hi, I've installed Splunk Trial on my Windows 10 machine. I require to add a proxy server to access the internet on ... by abhsha Engager in Security 10-14-2019 0 6	0	6
Is there a way to clean up local.meta, since role deletion in Splunk is and has been extremely broken? I'm not sure if I trust my bash skills to go through and recursively sed all my very messy local.meta's from old role... by nick405060 Motivator in Security 10-13-2019 0 2	0	2
What are some role-level search restriction? Hello, Assuming I have a role created "myapp_admin_role" and there is a setting for User-level concurrent search job... by krusovice Path Finder in Security 10-09-2019 0 2	0	2
Issue while enabling sse-c on remote store I am enabling smart store on Splunk 7.2.6 with SSE-C. My smart store is working without SSL parameters successfully... by bsrikanthreddy5 Path Finder in Security 10-09-2019 0 1	0	1
Splunk setting roles Hi, I want to set role in Splunk such that user is restricted to only searching. NO admin privileges.. Manager>Role... by standias Explorer in Security 10-08-2019 0 2	0	2
Can Splunk audit logs be deleted by a user who has access to the Splunk server? Is it possible for a user who has access to the Splunk server delete audit logs in splunk? Auditors do not want our d... by doncrittendon Engager in Security 10-08-2019 1 1	1	1
How to configure User access based on index Hi, I want to set up various user roles to users in my splunk instances. Like Users from Group A should only have ac... by Gowthamdevaraj New Member in Security 10-08-2019 0 1	0	1
Disable SSL2, SSL3 and TLS1.0 globally Hi We have a clustered index setup (two indexers) on 7.1.1 and 3 search heads (unclustered). What is the recommended... by stevehut New Member in Security 10-08-2019 0 1	0	1
How do you build a search that gets a list of forwarders using SSL with successful connections? Can you help me make a search/query so I can get a list of forwarders using SSL with successful connections? by guheal New Member in Security 10-07-2019 0 3	0	3
cost of splunk Splunk Enterprise Certified Admin I have no course on splunk, and the company had me look up everything that i could from costs to time consumption to ... by rsaude Path Finder in Security 10-07-2019 0 7	0	7