Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Retrospective searches based on new threat intelligence indicators in ES

As the title says, I am looking to setup retrospective searches based on new threat intelligence indicators in ES. ...

by Contributor in

Input lookup results: How to exclude results from Lookups?

Hi, index=network sourcetype=cisco:asa NOT src_ip IN("10.0.0.0/8","10.0.0.1,"10.0.0.2") | bucket _time span=1m| st...

by Engager in

Where can I find Splunk logs for Content management in Splunk Enterprise security?

Hello Team, In our environment, we have created use cases in the content management in Splunk ES. We want to know ...

by Loves-to-Learn in

Threat Activity Detecting Possibly Old Intel From Old Lookup- Search shows more than specified?

Hello Splunkers, I have a search created below to only detect local ip intel specified manually by the user: ...

by Path Finder in

How to send events via HEC method via JSON format?

Hi to all. im setting an integration with Splunk and Splunk ES. I decided to send events via HEC method json fo...

by Observer in

CIM Field Values- Do field values have to be consistent for ES or doesn't it matter?

Hello Do field values have to be consistent for ES or doesn't it matter? So in the wineventlog if src is sometime...

by New Member in

In Splunk Fortinet FortiGate app - Wireless and System dashboards are not working?

In the Splunk Fortinet FortiGate app - wireless and System dashboards are not workingboth dashboards are not showing ...

by Observer in

Variable substitution not working in correlation search?

I have a correlation search for detecting when host stops sending logs. I enabled the search and set the title as bel...

by Path Finder in

Splunk Add-on for Windows - DNS Not Mapped to CIM?

i have installed the Splunk Add-on for Windows app to monitor DNS logs using the Debugging enabled option on my serve...

by Engager in

Risk isn't showing up in the Edit Correlation Search?

I have an app with my alerts. I have risk enabled and it's working however risk isn't showing up in the Edit Correlat...

by Explorer in

Has anyone had experience of ingesting logs from VMWare Unified Access Gateway?

Has anyone had experience of ingesting logs from VMWare Unified Access Gateway (UAG)? Splunkbase doesn't seem to h...

by Communicator in

What apps are used for splunk in soc in bank?

which apps are used in Splunk soc in a bank ?? for threat intel, incident response, and so on.

by New Member in

Is it possible to get the creation date of a correlation search?

Hello Splunkers, I was wondering if there is a way to get the creation date of a correlation search. If s...

by Explorer in

How to change the event time of ES Incident Review

Hello, I am new for Splunk ES. To configure the ES Incident Review, I use the default setting for the Time which sh...

by Loves-to-Learn Lots in

How do we prevent Content Update popup window in ES 7.0?

We are planning to upgrade ES from 6.6.2 to 7.0.1, one of the new features will have a pop up window indicating that ...

by Path Finder in

Why aren't Risk Score, Risk Event and Risk Object showing in the notable event?

Hi peeps, We were fine tuning the Notable Event, and there were fields that were not showing any values. Those fie...

by Path Finder in

Expiration of Threat Intel in Enterprise Security- Once file is uploaded, should we remove rows from CSV to start it?

Hi, We use the threat intelligence app within Enterprise security and use the local IP intel csv (local_ip_intel.c...

by New Member in

How to prevent notable events from being created in Enterprise Security when the source is one of the scanning devices?

We have several devices that perform endpoint and network device scanning. As intended, they are scanning prohibited...

by Engager in

Is there any way to know about hot warm cold frozen buckets lifespan from Splunk GUI?

Hello Splunk team, I have two doubts please help me with details, 1. We are using Splunk cloud platform for Enterp...

by Loves-to-Learn in