Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

How do you show only specific categories in returned events?

I'm trying to run a simple search that shows only specific results and excludes the rest. The results are coming ...

by New Member in

Can you help me create a search that would match fields for two different indexes and stats?

Hi team! I need help with a search. I have 2 indexes and I want to match both for an IP field. If they match, ...

by Path Finder in

Enterprise Security license usage: How do you report/estimate the license volume that has been processed?

Hi, Because of license renew/upgrade: is there any way to report/estimate the license volume processed by Enterpri...

by Communicator in

Splunk ES 4.5 - How do we track removed 'investigations' created against a notable event?

I understand we can use the following to look at the investigations created which are 'Active'. |inputlookup appen...

by Influencer in

Why am I getting script failure errors with configuration_check.py that read "A script exited abnormally"?

On new install of Splunk Enterprise Security (version 4.7.6), I am seeing the following errors, once an hour. I inclu...

by Builder in

How can I achieve a field validation in a Custom Adaptive Response Action?

Hello, I'm unable to get field validation in a Custom Adaptive Response Action in Splunk Enterprise Security. What...

by New Member in

Can you help me make a search that returns stats from two indexes when they match?

Hi team! I'm new here, very first time with Splunk. I need stats from two different indexes but only if they ma...

by Path Finder in

TrendMicro AV logs and Malware report: Can anyone me with my search query?

Hello Team , I have to create a report using [trendmicro AV logs] which should include the below details: — Mon...

by Path Finder in

Threat Intelligence Weekly Statistics

I have been trying to get some statistics around the Threat Intel that is being pushed into the the comes into Splunk...

by Explorer in

how to compare different field value and list out the result?

Hi, All i want to do is just find out email event which the (sender_email _address) is different with the (return_ad...

by New Member in

McAFee DLP logs into splunk.

Hi guys, Does anyone have successfully get the DLP incident logs from ePO to Mcafee? I'm using dbconnect with epo APP...

by Engager in

Why the alert drill-down doesn’t seem to be functional under incident review page after app upgrade to 4.7.6?

I'm not able to close notable alerts in the Incident Review but now the alert drill-down doesn’t seem to be functiona...

by Path Finder in

Is Splunk certified Hippa compliant?

I have medical compliance questions from Auditors about the certification through CMS www.cms.gov They have tried to ...

by New Member in

Notable Event Suppression Keys: Why are there periodic duplicate notable events in the search head cluster (SHC)?

I am experiencing periodic duplicate notable events in my search head cluster. I have a feeling this has something to...

by Builder in

How do I import a CSV to compare the information with Splunk?

Hello team! I'm new and I need some help, I would like to be able to upload information that is in a CSV to Spl...

by Path Finder in

How to upload a CSV file daily and compare it with a search?

Hello team! I'm new to this and I need help. I would like to upload a CSV file with the following structure to Spl...

by Path Finder in

cvss score result not available in Splunk Enterprise Security module

Hi Experts, I am trying to setup a glasstable containing the result from cvss score field. I seem to get other...

by New Member in

Why is "Edit notable events section" on incident review page not visible?

I'm not getting edit option in incident review page under SplunkEnterpriseSecuritySuite. I'm using Splunk App for ...

by Path Finder in

Has anybody made a threat feed to firewall rule?

Hi, Has anybody tried the below scenario? If yes, can I get some guidance? Malicious IPs are shown on Splunk da...

by Path Finder in

The 'description' field is not displaying anywhere on Threat Intelligence dashboard from 'local_domain_intel' lookup. Where will it be populated on the dashboard?

We have integrated our Splunk add-on with Splunk Enterprise Security (Threat Intelligence) where we have scheduled a ...

by New Member in

how to create rule if user visiting any malicious domain matches in Phishtank.com

Though we have splunk app for Phishtank but was wondering if it's possible to create rule in Splunk without using the...

by New Member in

Will someone help me understand the following alert?

Hello! Can any one explain to me what's the problem ?

by Path Finder in

Why is ES changing Investigation Timeline Timestamp When Printing?

Hello All, We have just completed an upgrade to Splunk Base 7.1.2 and ES 5.1. We have a couple of ongoing investig...

by Contributor in

Splunk SPL - How to extract associated logs from stats queries?

Hello, I have a search which returns the moving average # of logs for a 12hr period (1hr prior) and the most recen...

by Explorer in

Wildfire Adaptive Response – Where do the results of the submission go?

I get a success status back after submitting the URL to AR for Wildfire, but I'm unable to find any response back fro...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How do you show only specific categories in returned events?

Can you help me create a search that would match fields for two different indexes and stats?

Enterprise Security license usage: How do you report/estimate the license volume that has been processed?

Splunk ES 4.5 - How do we track removed 'investigations' created against a notable event?

Why am I getting script failure errors with configuration_check.py that read "A script exited abnormally"?

How can I achieve a field validation in a Custom Adaptive Response Action?

Can you help me make a search that returns stats from two indexes when they match?

TrendMicro AV logs and Malware report: Can anyone me with my search query?

Threat Intelligence Weekly Statistics

how to compare different field value and list out the result?

McAFee DLP logs into splunk.

Why the alert drill-down doesn’t seem to be functional under incident review page after app upgrade to 4.7.6?

Is Splunk certified Hippa compliant?

Notable Event Suppression Keys: Why are there periodic duplicate notable events in the search head cluster (SHC)?

How do I import a CSV to compare the information with Splunk?

How to upload a CSV file daily and compare it with a search?

cvss score result not available in Splunk Enterprise Security module

Why is "Edit notable events section" on incident review page not visible?

Has anybody made a threat feed to firewall rule?

The 'description' field is not displaying anywhere on Threat Intelligence dashboard from 'local_domain_intel' lookup. Where will it be populated on the dashboard?

how to create rule if user visiting any malicious domain matches in Phishtank.com

Will someone help me understand the following alert?

Why is ES changing Investigation Timeline Timestamp When Printing?

Splunk SPL - How to extract associated logs from stats queries?

Wildfire Adaptive Response – Where do the results of the submission go?

Enterprise Security Content Update (ESCU) | New Releases

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

Support adaptive response action in Splunk Enterpr...

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code

Adding comment (link) to Next Steps (In an alert u...