Security

Community Activity

Password Reset Command for Splunk Can somebody show me a Splunk command on how to find a number of password resets and how I can display the total numb... by keldridg2 New Member in Security 08-14-2019 0 13	0	13
how to handle ERROR ArchiveContext , Decompression error Hello Splunkers , Good day I am stuck with one problem where i am monitoring .gz files using UF and getting the da... by kannu Communicator in Security 08-14-2019 0 0	0	0
Default Power User Capabilities Can a default Power User view/check licenses. by jtnormand New Member in Security 08-13-2019 0 1	0	1
power user exam 2 i have seen online where people are saying that the power user exam is a open book, is this a true statement? by francright29 New Member in Security 08-13-2019 0 2	0	2
user by which splunk is installed on windows os I have splunk installed on windows os in production environment and I want to know by which user splunk is installed ... by ips_mandar Builder in Security 08-13-2019 0 2	0	2
How is a splunkworks add on supported by splunk A number of add on's have been placed in the public domain to allow users to own and control their development. How w... by nclancy_splunk Splunk Employee in Security 08-13-2019 1 1	1	1
Splunk and CSP functions I'm running nginx with the below security config. add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-P... by tb5821 Communicator in Security 08-12-2019 0 1	0	1
How do I pass credential in custom search command My custom search command required some credentials to work (third party lib auth) and I don't want to have it hardcod... by mhurtovy New Member in Security 08-12-2019 0 1	0	1
Geographically improbable Access Using iplocation Hi everybody, I was reading https://answers.splunk.com/answers/560188/logic-behind-geographically-improbable-access-... by JRamirezEnosys Explorer in Security 08-08-2019 0 2	0	2
LDAP - shcluster/apps - authorize.conf not showing up in the UI In a clustered environment roles defined and mapped for LDAP authentication configured in Deployer (shcluster/apps) a... by ppilla Engager in Security 08-08-2019 0 3	0	3
How to mask passwords from suricata json.eve Hi all, I would like to hide password at payload_printable field in event log from suricata json.eve. {"timestamp":... by thund_ssi Explorer in Security 08-07-2019 0 2	0	2
search time regular expression. Hi All , below is my sample data. We are receiving data using key=value pairs like below. time=time1 \| dest_ip=abmn... by jsuryaprakash Path Finder in Security 08-07-2019 0 3	0	3
Need help making a swimlane for All Privileged Authentication Attempts I'm trying to make a Swimlane search to use the Authentication Datamodel, and the Privileged Authentication Dataset, ... by MikeVenable Path Finder in Security 08-06-2019 0 6	0	6
Splunk Docker container error "cannot create /opt/container_artifact/splunk-container.state: Permission denied"? I had been successfully using a custom Dockerfile to create a Docker container based on the Splunk-provided Docker im... by Graham_Hanningt Builder in Security 08-06-2019 0 1	0	1
Splunk Power Users Role -- Edit all Saves Reports and Alerts We have hundreds and hundreds of saved searches and dozens of Alerts. I need the power user role to be able to edit a... by TobiasBoone Communicator in Security 08-05-2019 0 3	0	3
Grant Power Users Role Edit on All Saves Searches / Alerts We have hundreds of saved searches/reports/alerts. I need the power users role to be able to edit and maintain them,... by TobiasBoone Communicator in Security 08-05-2019 0 1	0	1
allow user to run search contained in lookup I have created a lookup. fairly basic 2 columns, column 1 has an ID the second a search string. ID searchstr... by dmcintosh1972 Explorer in Security 08-04-2019 0 3	0	3
Splunk Enterprise - Demo System Error Hello, I installed the Splunk Enterprise Demo System on my local machine, However, once I click on Splunk Icon on m... by lokeshtibbani New Member in Security 08-04-2019 0 0	0	0
Onprem SplunkWeb Successfully Using Internal CA Issued SSL Cert but Site Displays Certificate is "Not Secure" We have On Prem Splunk Deployment and Heavy Forwarder Servers We have a requirement to use third party SSL Certificat... by cbwillh Path Finder in Security 08-02-2019 0 1	0	1
Splunk Rest Request using browser - Unauthorized because of Origin header "services/search/jobs/" Splunk endpoint is replying “Unauthorized” (HTTP 401) due to the presence of the “Origin”/”Re... by mibrahim8 Explorer in Security 08-02-2019 0 1	0	1
Which default certificate should I use to certify my HTTP Event Collector I am running some C# code that sends a POST request to my Splunk HTTP Event Collector at the following URL - https://... by llovell Engager in Security 08-01-2019 1 3	1	3
anyone else have an error when upgrading from ES 5.30 to 5.31 fails on sa-utils testing out the july 24 2019 release of Enterprise Security. Consistently fails on enabling the application (Fails on... by ssattler Path Finder in Security 08-01-2019 0 0	0	0
Multiple LDAP group User part Hello All, If one user is part of multiple LDAP groups which are linked in Splunk. Which one will he assigned to? ... by vishaltaneja070 Motivator in Security 08-01-2019 0 1	0	1
Server Error on Login from a remote machine HI, I have a splunk enterprise out of box installed on win 10. I can login using localhost no problem, but if I try t... by luigius New Member in Security 07-31-2019 0 4	0	4
Getting Error as 'TsidxStats': WHERE clause is not an exact query in Cisco Networks App I am facing Error in 'TsidxStats': WHERE clause is not an exact query on Cisco Network Networks App. by singriajay Explorer in Security 07-31-2019 0 0	0	0