Splunk Enterprise Security

Discussions

Thread Info

Security Essentials / MITRE ATT&CK

What changes does Splunk Security Essentials make to Splunk Enterprise Security and what needs to be backed up to avo...

by New Member in

create Splunk SIEM rules to detect future attack for SolarWinds attack

Greetings! I need your support on how I can create Splunk SIEM rules to detect future attack as requested to th...

by Path Finder in

Manual Notable Tittle

I was trying to create a manual notable event using "sendalert notable". But the name of the notable is coming as "Ma...

by Explorer in

Parsing the "_raw" field of Splunk Python SDK results

Hi everyone, We're using the Splunk Python SDK to run queries in Splunk. However, we seem to be getting the resul...

by Explorer in

Detected deprecated Threat Intelligence Manager inputs

Hello, I am recieving the following warning on my alerts: Health Check: Detected deprecated Threat Intelligence M...

by Path Finder in

biuld a siem without Enterprise security app

Hi i'm going to build a minimal siem in our office and because of price can't get es app what I would like to know is...

by Explorer in

Which app(s) for Microsoft Windows Defender ATP?

I see 3 different apps from 3 different authors on splunkbase for Microsoft Windows Defender ATP ; which one is the o...

by Esteemed Legend in

Ad hoc adaptive response executed twice

Hello, I've created adaptive response action with Add-on builder 3.0.1. It creates a ticket in ticketing system. ...

by Explorer in

Why is the output from my lookup command empty?

I have created a lookup table that contains about 15 columns and about 100K rows that contains CMDB info. I want to b...

by Explorer in

How to get Splunk Data into PowerBI?

Hi All, I have requirement to extract splunk data into PowerBI for dashbaords and reports could you please point me i...

by Engager in

Splunk CMDB Lookup

We want to override the lookup File as per the below condition.If File not exist - we don't want to override the look...

by New Member in

AWS LOGS for SIEM

Hi All, I am getting below AWS logs from customer but below logs are taking more than 50 % of license, so please coul...

by Explorer in

Missed macro ec2_excessive_terminateinstances_mltk_input_filter

Hi Splunkers, in ES Content Update there's detection rule that requires a prebuild MLTK model that is formed by a s...

by Contributor in

MITRE-ATTACK latest threat list can not be downloaded in ES

ES erroring reg. The latest threat list can not be downloaded. I visited the site it is trying to access manually , n...

by Contributor in

Incident Review Auto-Refresh

How do I get my Incident Review in ES to auto refresh, without having to manually auto refresh it from the browser.

by New Member in

Failing to add Threat Intelligence Feed to Splunk Enterprise Security with custom HTTP Authorization Header

Hi I would like to add an additional Threat Intelligence Feed to the collection of the Intelligence Downloads in En...

by New Member in

Inline table not showing in Correlation Search Email Notification

I created a correlation search with only two pipes, table and rename. I added inline table to the email notification ...

by New Member in

XFE app threat intelligence in Splunk

Hello fellow Splunkers, is it possible for Splunk to connect to IBM XFE app to get the threat intelligence feeds, I...

by Explorer in

Use case to report on users who are accessing systems or data that is not within their regular usage?

Hi All, is any one created Use case to report on users who are accessing systems or data that is not within their reg...

by Explorer in

Recorded Future App Add On for Splunk ES

I am installing Recorded Future Add on App into my Splunk ES environment I would like to know which Search Head shoul...

by Engager in

Splunk Enterprise Security

Discussions

Security Essentials / MITRE ATT&CK

create Splunk SIEM rules to detect future attack for SolarWinds attack

Manual Notable Tittle

Parsing the "_raw" field of Splunk Python SDK results

Detected deprecated Threat Intelligence Manager inputs

biuld a siem without Enterprise security app

Which app(s) for Microsoft Windows Defender ATP?

Ad hoc adaptive response executed twice

Why is the output from my lookup command empty?

How to get Splunk Data into PowerBI?

Splunk CMDB Lookup

AWS LOGS for SIEM

Missed macro ec2_excessive_terminateinstances_mltk_input_filter

MITRE-ATTACK latest threat list can not be downloaded in ES

Incident Review Auto-Refresh

Failing to add Threat Intelligence Feed to Splunk Enterprise Security with custom HTTP Authorization Header

Inline table not showing in Correlation Search Email Notification

XFE app threat intelligence in Splunk

Use case to report on users who are accessing systems or data that is not within their regular usage?

Recorded Future App Add On for Splunk ES

Security Essentials / MITRE ATT&CK

Parsing the "_raw" field of Splunk Python SDK resu...

Missed macro ec2_excessive_terminateinstances_mltk...

MITRE-ATTACK latest threat list can not be downloa...

Failing to add Threat Intelligence Feed to Splunk ...