Splunk Enterprise Security

Discussions

Thread Info

How to create custom app/addon(steps) using CLI and push to SHC members using deployer

I am a Advanced beginner to splunk and i want to create custom app/addon in my search head cluster environment and pu...

by Engager in

Does ES have all the features available in Splunk Security Essentials App?

Does ES also comes with SSE app features like Analytics Advisor, Content Recommendations, Data inventory, CIM complia...

by Motivator in

Configure FS-ISAC TAXXI Feeds in Splunk ES

I am working on configuring the TAXXI Feeds. My Post argument is as below: collection="curated-ragw" earliest="-7d"...

by Explorer in

Splunk ES 4.7.6 - How do we track active investigations via lookup?

Is there a lookup I can use to create a custom table of active investigations? I am trying to create a table that sho...

by Builder in

Modifying Splunk ES Investigations in bulk

I am currently cleaning up the backlog of open Investigations and would like to close all investigations opened befor...

by Engager in

Splunk Stream ingest PCAP from the GUI issue

I am having issues ingesting PCAP files from the GUI. I found similar Answers and bug "STREAM-4235" but it appears ...

by Path Finder in

Threat Intel lookup - Can we change how frequently ES reads new information?

Hi all, We have few Custom CSV lookups that have been added to ES for Threat Intel. For the existing data, we can l...

by Builder in

Splunk Enterprise Security: Where can I find the incident review logs (incident_review.csv)?

Hello: Can anyone help me in finding the Incident review logs? Will it be there in the Indexer or the Search heads...

by New Member in

With regards to PeriodicHealthReporter, what constitutes a "Delayed Search"

Since performing a recent upgrade, SPlunk is constantly reporting (in Health Status) that the Searches Delayed is abo...

by Path Finder in

JIRA Service Desk: Adaptive Response Action Cannot Be Dispatched, Unexpected Token < in JSON at position 0

Hey Splunk friends, Very new customers to splunk. Trying to find an easy way to create JIRA tickets from noteable...

by New Member in

Intelligence feed download by API

Hi Splunkers, we are tring to integrate our CTI portal to our splunk ES instance by intelligence feed, the situ...

by Engager in

Assign multiple risk objects in Risk Analysis

How to assign multiple risk object fields and object types in Risk analysis response action. I know it's possible fro...

by Explorer in

generating 5 individual notables events for single search but i need one notable event for all the search results

Hi all, Using the below SPL i have created one new use case for multiple emails sent from external domain. For ...

by Explorer in

How can I monitor VMware Horizon View with Splunk?

I’m running VMWare Horizon View 7 in my organization. Now with COVID-19 Shelter in place we all need to WFH. How do I...

by Path Finder in

Adaptive Response Action Send email not sending results

We made a clean installation of on-prem Splunk Enterprise 8.0.9 and Enterprise Security 6.4.0. When correlation searc...

by Communicator in

Splunk Enterprise Security IOC Information

I was asked if IOC information from Splunk Enterprise Security could be used as a dataset. For example, is it possi...

by Explorer in

Use case to report on users who are accessing systems or data that is not within their regular usage?

Hi All, is any one created Use case to report on users who are accessing systems or data that is not within their reg...

by Explorer in

Why do we get errors on the REST command in the Investigation Overview dashboard on Splunk ES?

Hi, After upgrading to Splunk ES version 6.0.0 we got the Investigation Overview dashboard, but we have some probl...

by Builder in

What is the latest stable release of splunk 8.x? I have heard of some stability issues.

What is the latest stable release of splunk 8.x? We are planning a version upgrade from 7.3.5 to 8.x. I have heard ...

by Communicator in

LDAP Authentication Error

Hello. Good afternoon. We are receiving a successful bind error when trying to authenticate using SA-LDAPSearch. ...

by Loves-to-Learn Lots in

Splunk Enterprise Security

Discussions

How to create custom app/addon(steps) using CLI and push to SHC members using deployer

Does ES have all the features available in Splunk Security Essentials App?

Configure FS-ISAC TAXXI Feeds in Splunk ES

Splunk ES 4.7.6 - How do we track active investigations via lookup?

Modifying Splunk ES Investigations in bulk

Splunk Stream ingest PCAP from the GUI issue

Threat Intel lookup - Can we change how frequently ES reads new information?

Splunk Enterprise Security: Where can I find the incident review logs (incident_review.csv)?

With regards to PeriodicHealthReporter, what constitutes a "Delayed Search"

JIRA Service Desk: Adaptive Response Action Cannot Be Dispatched, Unexpected Token < in JSON at position 0

Intelligence feed download by API

Assign multiple risk objects in Risk Analysis

generating 5 individual notables events for single search but i need one notable event for all the search results

How can I monitor VMware Horizon View with Splunk?

Adaptive Response Action Send email not sending results

Splunk Enterprise Security IOC Information

Use case to report on users who are accessing systems or data that is not within their regular usage?

Why do we get errors on the REST command in the Investigation Overview dashboard on Splunk ES?

What is the latest stable release of splunk 8.x? I have heard of some stability issues.

LDAP Authentication Error

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >

Configure FS-ISAC TAXXI Feeds in Splunk ES

Modifying Splunk ES Investigations in bulk

Splunk Stream ingest PCAP from the GUI issue

Threat Intel lookup - Can we change how frequently...

JIRA Service Desk: Adaptive Response Action Canno...

Splunk Enterprise Security

Discussions

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >