Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
hurricane13
Hi all, As the question states, is there a sizing guide for how many members I should include in a ES SHC? I am tryi...
by hurricane13 Engager in Splunk Enterprise Security 12-05-2018
0 4
0
4
ruhernandezdai
I was wondering how to implement some kind of alert inside Splunk to identify those devices that have stopped sending...
by ruhernandezdai New Member in Splunk Enterprise Security 12-05-2018
0 1
0
1
leeyounsoo
Hi, Splunk. I have a question about SA-Eventgen. I installed the Splunk Enterprise Security app and the SA-Eventgen...
by leeyounsoo Path Finder in Splunk Enterprise Security 12-05-2018
0 4
0
4
samadmemon
Hi All, I am trying to build a use-case from the firewall logs wherein if any allowed traffic is observed from any P...
by samadmemon Explorer in Splunk Enterprise Security 12-04-2018
0 0
0
0
ericl42
Hello, I'm fairly new to Splunk and I've been playing around with some of the security correlation rules and needed ...
by ericl42 Path Finder in Splunk Enterprise Security 12-03-2018
1 3
1
3
christianubeda
Hi team! I want to mount an oversized indexer to be able to receive a minimum of 10GB of data per day. As for the o...
by christianubeda Path Finder in Splunk Enterprise Security 12-03-2018
0 2
0
2
mgalos
I am not sure which Splunk ES related apps go where. My deployment looks like the following: Splunk universal forwa...
by mgalos New Member in Splunk Enterprise Security 12-03-2018
0 1
0
1
srisahitya_v
Dear Team, Splunk version - 7.0.1 ES version - 4.7.4 After patching activity, i have rebooted the Splunk cluster se...
by srisahitya_v Communicator in Splunk Enterprise Security 12-03-2018
0 2
0
2
HealyManTech
I am wondering if there is a way to have the urgency of the events just to be how you have it set in the Adaptive Res...
by HealyManTech Explorer in Splunk Enterprise Security 12-03-2018
0 2
0
2
vsskishore
How do I calculate the Enterprise security App license usage ? Is it different from the Spunk Enterprise license ? Do...
by vsskishore Explorer in Splunk Enterprise Security 12-02-2018
1 1
1
1
mahe90
Hi, I'm trying to find/create a splunk query for the following. My log is something like below: time=2018-10-2...
by mahe90 Explorer in Splunk Enterprise Security 11-30-2018
0 2
0
2
dkolekar_splunk
In the Splunk incident review dashboard, when the customer is clicking on the submit button, they can see the event c...
by dkolekar_splunk Splunk Employee Splunk Employee in Splunk Enterprise Security 11-30-2018
1 1
1
1
HealyManTech
I have a couple searches that trigger in Incident Review and I want to group them up by count. And than let the drill...
by HealyManTech Explorer in Splunk Enterprise Security 11-29-2018
1 3
1
3
neely_hpe
I am looking to take the default datamodel search -- | tstats summariesonly max(_time) as lastTime from datamodel=M...
by neely_hpe New Member in Splunk Enterprise Security 11-27-2018
0 1
0
1
ee07b291
Splunk Enterprise Version: 7.1.2 Enterprise Security Version: 5.1.0 Build: 12 When testing our AR action addon in e...
by ee07b291 Explorer in Splunk Enterprise Security 11-27-2018
0 5
0
5
qbolbk59
In my environment, i have configured authentication on Splunk via SAML in our organization. There's one user which is...
by qbolbk59 Path Finder in Splunk Enterprise Security 11-26-2018
0 0
0
0
pl1280
I just installed Splunk Enterprise 7.2.0, which shows that it is a supported platform for Enterprise Security 5.11. ...
by pl1280 New Member in Splunk Enterprise Security 11-26-2018
0 1
0
1
theslobb
I have a search that monitors alerts created by an IDS. I have begun going through the triggered alerts to suppress t...
by theslobb Explorer in Splunk Enterprise Security 11-21-2018
2 13
2
13
jdobbins_2
I have a simple search alert such as (index=A src_user=userA) which uses lookup tables to filter data. I'd like these...
by jdobbins_2 New Member in Splunk Enterprise Security 11-21-2018
0 1
0
1
Crashfry
So this post is more of a question in relation to how people have gained knowledge of using Splunk Enterprise as well...
by Crashfry Path Finder in Splunk Enterprise Security 11-21-2018
0 10
0
10
shiv1593
Hi All, This is a two fold question. Specs: Splunk Enterprise Security Version 6.6.1 Problem 1: I'm trying to disa...
by shiv1593 Communicator in Splunk Enterprise Security 11-20-2018
0 3
0
3
mahe90
Hi, SSE use case maps to the MITRE ATT&CK tactics. As we can see from MITRE ATT&CK, each tactic has various techni...
by mahe90 Explorer in Splunk Enterprise Security 11-20-2018
1 0
1
0
christopherr_sp
Splunk Enterprise is migrated from 6.5.3 to 7.1.2 and also Splunk Enterprise Security App has been upgraded from 4.7...
by christopherr_sp Splunk Employee Splunk Employee in Splunk Enterprise Security 11-20-2018
1 1
1
1
yemyslf
I'm trying to automate a search using the REST API to provide a list of events that occur x seconds before and after ...
by yemyslf Path Finder in Splunk Enterprise Security 11-19-2018
0 2
0
2
chrisschum
So I'm having a strange issue that I'm hoping someone can help me with. I have a pie chart with two goals: 1. Show t...
by chrisschum Path Finder in Splunk Enterprise Security 11-19-2018
1 8
1
8
Get Updates on the Splunk Community!

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...

Build and Launch AI Agents from Your Splunk Workflows

  Register We’ve all been there: juggling alerts, runbooks, and endless manual searches. What if you could ...

Splunk Cloud Application Management in Terraform

Register   On Tuesday, August 4 at 11AM PDT / 2PM EDT, we’re diving into how you can bring Infrastructure as ...