Splunk Enterprise Security

Community Activity
brownbag
I've seen someone use this traffic search function but can't find it myself: How can I access this traffic search func...
by brownbag Engager in Splunk Enterprise Security 10-03-2024
0 3
mjuestel2
Greetings, I found some useful savedsearches under SA-AccessProtection / DA-ESS-AccessProtection, which I am intereste...
by mjuestel2 Path Finder in Splunk Enterprise Security 10-02-2024
0 0
KingUs80
I'm trying to resolve an issue where Splunk sends email reports, but the information exported as an attachment uses a...
by KingUs80 Loves-to-Learn Lots in Splunk Enterprise Security 09-30-2024
0 5
Joesplunk
How to fix "Could not load lookup=LOOKUP-autolookup_prices"
by Joesplunk New Member in Splunk Enterprise Security 09-26-2024
0 1
jfournet
I am using the following HTML for my alert action data entry screen. The tenant multi-select does not show up in the...
by jfournet New Member in Splunk Enterprise Security 09-23-2024
0 0
echojacques
In Enterprise Security, you can configure Notable Event Suppressions. When adding/editing a suppression, which file ...
by echojacques Builder in Splunk Enterprise Security 09-23-2024
0 7
beano501
We are trying to ingest a STIX file into the Threat Intelligence Management, the STIX parses, but does not find anyth...
by beano501 Explorer in Splunk Enterprise Security 09-22-2024
0 1
rbenbenish
When running a search on the Incident Review dashboard where the search term is the <event_id> value or event_id="<ev...
by rbenbenish New Member in Splunk Enterprise Security 09-19-2024
0 0
user487596
Hi everyone! Is it possible to pass a parameter from search to the next "action|url" step? Like in description: $resul...
by user487596 Explorer in Splunk Enterprise Security 09-17-2024
0 0
hazem
We have a cluster with two search heads and two indexers. We need to install the Enterprise Security app on the searc...
by hazem Path Finder in Splunk Enterprise Security 09-17-2024
0 2
aluvian
Hi, We were using Splunk Enterprise (8.2.5) and ESS (7.2.0) on Debian 12. Everything was working fine until I upgraded...
by aluvian Loves-to-Learn Everything in Splunk Enterprise Security 09-16-2024
0 4
vikas_gopal
Hello Splunk ES experts, I want to make a query which will produce MTTD (something like by analyzing the time diffe...
by vikas_gopal Builder in Splunk Enterprise Security 09-14-2024
0 4
kareem
Salam guys, I wrote the Correlation Search Query and added the Adaptive Response Actions (notable, risk analysis and se...
by kareem Explorer in Splunk Enterprise Security 09-14-2024
0 0
Splunkers2
Hi all, I'm having issues comparing user field in Palo Alto traffic logs vs last user reported by Crowdstrike/Windows ...
by Splunkers2 Observer in Splunk Enterprise Security 09-14-2024
0 3
VijaySrrie
Hi All, I need to download and install below app via command line https://splunkbase.splunk.com/app/263 Please help me w...
by VijaySrrie Builder in Splunk Enterprise Security 09-13-2024
0 1
tuts
Hello Splunk Community, I have .evtx files from several devices, and I would like to analyze them using Splunk Univer...
by tuts Path Finder in Splunk Enterprise Security 09-11-2024
0 3
wlight600
Hi! I'm creating a custom alert action. I can use my alert action in save alert and Correlation search. But I meet ...
by wlight600 Engager in Splunk Enterprise Security 09-10-2024
0 14
tdth
Hi all, Has anyone had experience matching Linux audit logs to CIM before? I installed the Add-on for Unix and Linux, b...
by tdth Explorer in Splunk Enterprise Security 09-06-2024
0 3
zksvc
I have 60 Correlation Searches in Content Management. Some of my Correlation Searches don't trigger to Incident Review b...
by zksvc Contributor in Splunk Enterprise Security 09-05-2024
0 0
tuts
Hello, I am currently working in a SOC, and I want to test rules in Splunk ES using the BOTSv2 dataset. How can I con...
by tuts Path Finder in Splunk Enterprise Security 09-03-2024
0 1
corti77
Hi, I am testing the Security Essentials App 3.8.0 in Splunk 9.0.8, and I found the same issue while trying to activat...
by corti77 Contributor in Splunk Enterprise Security 09-02-2024
0 4
tadecleid
I found a similar post that did not quite fit the bill of what I am trying to do. I want to be able to create a link g...
by tadecleid New Member in Splunk Enterprise Security 09-02-2024
0 0
splunk_user9968
I would like to create a search with data models where my event id is 39. However, there is no datamodel that fulfill...
by splunk_user9968 New Member in Splunk Enterprise Security 08-27-2024
0 1
f_666dhn
I have lookup file bad_domain.csv: baddomain.com, baddomain2.com, baddomain3.com. Then I want to search from proxy log, who ...
by f_666dhn Explorer in Splunk Enterprise Security 08-13-2024
0 1
japo86
I request that there be the ability to create groups of users in enterprise security so that when you need to add the...
by japo86 New Member in Splunk Enterprise Security 08-02-2024
0 1