Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Trouble with Enterprise Security configuration

Hi All, We have recently installed Enterprise Security but strangely the default dashboard doesn't display the inde...

by Path Finder in

Notable info could not be obtained: : unidentified in content management adaptive response actions?

Hi All, we have newly installed ES cluster where we cannot see the any action populating in adaptive response. We ...

by Path Finder in

Why is the ES Incident Review page still lists deleted Correlation Searches in the Multiselect box "Correlation Search Name"?

The ES Incident Review page still lists deleted Correlation Searches Names in the Multiselect box "Correlation Search...

by Splunk Employee in

Enterprise Security - Correlation Search - Notable - "default owner" missing users

I'm attempting to auto-assign users to certain types of Notable events under "Default Owner". For some reason only 20...

by Communicator in

Enterprise Security Incident Review Default Filter: What conf file is that store in?

In Incident Review, one can create a filter and save it as a default. Where does it store that configuration so I ca...

by Path Finder in

Where can I find powershell commands?

G'day, Can someone please help me to understand how I can find the powershell commands (if any) an adversary has r...

by Loves-to-Learn Lots in

Using "sendalert risk" from saved search fails?

A saved search that ends with | sendalert risk param._risk_score=risk_score runs fine, but fails when run as a ...

by SplunkTrust in

Timechart with multiple values?

Hello!I'm trying to make a timechart day wise action by unique user for the proxy logs like this one below, but I'm u...

by Explorer in

How to get multiple issues when enabling ssl on Splunk web with 3rd party certs with requiredClientCert = true?

Hi All, I want enable mTLS in splunk cluster on all the communication channels. I have peer certificate that works...

by Path Finder in

How to make the Splunk ES Risk-Based Alerting risk threshold search case insensitive

We've starter lookin into Risk-Based Alerting (RBA) in Splunk ES, and noticed that the logic for the risk notables is...

by Builder in

Splunk Enterprise Security: Is it better to enable Hyper-threading?

Hello, I am wondering if on a dedicated Search Head with Splunk Enterprise Security it is better or not to enable ...

by Contributor in

How to write a Splunk audit search?

hi, i need to create a query or where can i find this information. i want the list of users who has r...

by Engager in

SOAR Could not update record due to ValidationError

Has anyone found this error event in SOAR?

by Explorer in

Threat Intelligence Management - Wrong threat match field?

Hi,I have looked at Threat match "src" under Threat Intelligence Manager.In the configuration the datamodel DNS Resol...

by Explorer in

Can someone recommend a threat intel feed of malicious IP-addresses that contain IP along with reputation score?

For ES, can someone recommend a threat intel feed of malicious IP-addresses that contain IP along with reputation sco...

by Builder in

Migrating Splunk Enterprise Security from VM to new physical host

I need to migrate my current ES installation from a VM to a physical host, due to performance issues in the virtual i...

by Explorer in

Splunk Security Analyst Workflows 7.1.0- Does filtering using short IDS show the suppressed notable events?

On page 12 of 122 on the documentation of "Splunk Security Analyst Workflows 7.1.0" it says and I quote: "If you a...

by New Member in

How to fix error: A custom JavaScript error caused an issuse loading your dashboard

Hi After configuring some reports in PCI, when I go back to Report, I get an error message:A custom JavaScript erro...

by Explorer in

After saving a lookup file with outputcsv, how to access it from search?

index=my_index [search is here] | outputcsv mycsv.csv After saving the search results into mycsv.csv file, can I a...

by Explorer in

Integration to ServiceNow

Installed the splunk add on to push events into ServiceNow and getting this error "snsecingestes Unable to forward...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Trouble with Enterprise Security configuration

Notable info could not be obtained: : unidentified in content management adaptive response actions?

Why is the ES Incident Review page still lists deleted Correlation Searches in the Multiselect box "Correlation Search Name"?

Enterprise Security - Correlation Search - Notable - "default owner" missing users

Enterprise Security Incident Review Default Filter: What conf file is that store in?

Where can I find powershell commands?

Using "sendalert risk" from saved search fails?

Timechart with multiple values?

How to get multiple issues when enabling ssl on Splunk web with 3rd party certs with requiredClientCert = true?

How to make the Splunk ES Risk-Based Alerting risk threshold search case insensitive

Splunk Enterprise Security: Is it better to enable Hyper-threading?

How to write a Splunk audit search?

SOAR Could not update record due to ValidationError

Threat Intelligence Management - Wrong threat match field?

Can someone recommend a threat intel feed of malicious IP-addresses that contain IP along with reputation score?

Migrating Splunk Enterprise Security from VM to new physical host

Splunk Security Analyst Workflows 7.1.0- Does filtering using short IDS show the suppressed notable events?

How to fix error: A custom JavaScript error caused an issuse loading your dashboard

After saving a lookup file with outputcsv, how to access it from search?

Integration to ServiceNow

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

Enterprise Security - Correlation Search - Notable...

Enterprise Security Incident Review Default Filter...

Threat Intelligence Management - Wrong threat matc...

Can someone recommend a threat intel feed of malic...

Migrating Splunk Enterprise Security from VM to ne...