Splunk Enterprise Security

Discussions

Thread Info

Tokens in notable event titles and descriptions not getting expanded to include the values of the tokens on the Incident

Tokens in notable event titles and descriptions not getting expanded to include the values of the tokens on the Incid...

by Engager in

Why doesn't the Splunk Add-on for Microsoft Windows DNS populate the Network Resolution data model?

I'm not seeing the Network Resolution/DNS datamodel/dataset populated from the Splunk Add-on for Microsoft Windows DN...

by Communicator in

Splunk ES - Incident Review (for SLA)

Sorry to ask this question if it has been talked about before - I have a Splunk ES installation that we use the "Inci...

by Loves-to-Learn Lots in

Integration of "Investigation" ES functionality into a custom splunk app

Hello, I am wanting to write an app for Splunk ES that can leverage the ability to integrate the investigation tool...

by Contributor in

How do I backup the Splunk Enterprise Security app. What components needs to be backed up and how often?

How do I backup the Splunk Enterprise Security app. What components needs to be backed up and how often? I have alrea...

by Contributor in

How to create custom app/addon(steps) using CLI and push to SHC members using deployer

I am a Advanced beginner to splunk and i want to create custom app/addon in my search head cluster environment and pu...

by Engager in

Does ES have all the features available in Splunk Security Essentials App?

Does ES also comes with SSE app features like Analytics Advisor, Content Recommendations, Data inventory, CIM complia...

by Motivator in

Configure FS-ISAC TAXXI Feeds in Splunk ES

I am working on configuring the TAXXI Feeds. My Post argument is as below: collection="curated-ragw" earliest="-7d"...

by Explorer in

Splunk ES 4.7.6 - How do we track active investigations via lookup?

Is there a lookup I can use to create a custom table of active investigations? I am trying to create a table that sho...

by Builder in

Modifying Splunk ES Investigations in bulk

I am currently cleaning up the backlog of open Investigations and would like to close all investigations opened befor...

by Engager in

Splunk Stream ingest PCAP from the GUI issue

I am having issues ingesting PCAP files from the GUI. I found similar Answers and bug "STREAM-4235" but it appears ...

by Path Finder in

Threat Intel lookup - Can we change how frequently ES reads new information?

Hi all, We have few Custom CSV lookups that have been added to ES for Threat Intel. For the existing data, we can l...

by Builder in

Splunk Enterprise Security: Where can I find the incident review logs (incident_review.csv)?

Hello: Can anyone help me in finding the Incident review logs? Will it be there in the Indexer or the Search heads...

by New Member in

With regards to PeriodicHealthReporter, what constitutes a "Delayed Search"

Since performing a recent upgrade, SPlunk is constantly reporting (in Health Status) that the Searches Delayed is abo...

by Path Finder in

JIRA Service Desk: Adaptive Response Action Cannot Be Dispatched, Unexpected Token < in JSON at position 0

Hey Splunk friends, Very new customers to splunk. Trying to find an easy way to create JIRA tickets from noteable...

by New Member in

Intelligence feed download by API

Hi Splunkers, we are tring to integrate our CTI portal to our splunk ES instance by intelligence feed, the situ...

by Engager in

Assign multiple risk objects in Risk Analysis

How to assign multiple risk object fields and object types in Risk analysis response action. I know it's possible fro...

by Explorer in

generating 5 individual notables events for single search but i need one notable event for all the search results

Hi all, Using the below SPL i have created one new use case for multiple emails sent from external domain. For ...

by Explorer in

How can I monitor VMware Horizon View with Splunk?

I’m running VMWare Horizon View 7 in my organization. Now with COVID-19 Shelter in place we all need to WFH. How do I...

by Path Finder in

Adaptive Response Action Send email not sending results

We made a clean installation of on-prem Splunk Enterprise 8.0.9 and Enterprise Security 6.4.0. When correlation searc...

by Communicator in

Splunk Enterprise Security

Discussions

Tokens in notable event titles and descriptions not getting expanded to include the values of the tokens on the Incident

Why doesn't the Splunk Add-on for Microsoft Windows DNS populate the Network Resolution data model?

Splunk ES - Incident Review (for SLA)

Integration of "Investigation" ES functionality into a custom splunk app

How do I backup the Splunk Enterprise Security app. What components needs to be backed up and how often?

How to create custom app/addon(steps) using CLI and push to SHC members using deployer

Does ES have all the features available in Splunk Security Essentials App?

Configure FS-ISAC TAXXI Feeds in Splunk ES

Splunk ES 4.7.6 - How do we track active investigations via lookup?

Modifying Splunk ES Investigations in bulk

Splunk Stream ingest PCAP from the GUI issue

Threat Intel lookup - Can we change how frequently ES reads new information?

Splunk Enterprise Security: Where can I find the incident review logs (incident_review.csv)?

With regards to PeriodicHealthReporter, what constitutes a "Delayed Search"

JIRA Service Desk: Adaptive Response Action Cannot Be Dispatched, Unexpected Token < in JSON at position 0

Intelligence feed download by API

Assign multiple risk objects in Risk Analysis

generating 5 individual notables events for single search but i need one notable event for all the search results

How can I monitor VMware Horizon View with Splunk?

Adaptive Response Action Send email not sending results

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >

Tokens in notable event titles and descriptions no...

Splunk ES - Incident Review (for SLA)

Integration of "Investigation" ES functionality in...

Configure FS-ISAC TAXXI Feeds in Splunk ES

Modifying Splunk ES Investigations in bulk

Splunk Enterprise Security

Discussions

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >