Splunk Enterprise Security

Discussions

Thread Info

HPE Aruba ClearPass App for Splunk Enterprise: How to configure the app for my Splunk instance?

I have a Splunk instance with a Search Head (SH) and two load balanced Indexers. There are two Heavy Forwarders (HF) ...

by Communicator in

ThreatQuotient Integration With Splunk ES App

Hello All, I am currently working on integration of Threatquotient feed to Splunk. I am successful in getting ...

by Engager in

Add Adaptive Response fields to Notable Event

I've done quite a bit of research on this top and I've found this post from a few years ago which references George S...

by Path Finder in

What is the purpose of the `useother` macro

Looking at some of the built in dashboards in Enterprise Security, there is a macro named useother | tstats count ...

by Path Finder in

How Do I Map Splunk Security Content to MITRE ATT&CK?

I would like to map the Splunk Security Content from Enterprise Security (ES), Enterprise Security Content Update (ES...

by Splunk Employee in

Splunk Azure Deployment questions

Hey All, We are researching a potential Splunk deployment to the Azure cloud but had a few questions. In the do...

by Builder in

Does the Splunk Enterprise Security license expire?

How does the Splunk enterprise security expire? Is it related to the license? My client is asking - if Enterprise ...

by Builder in

Splunk Enterprise Security App Integration with Ticketing / Incident Response System

We recently emailed Splunk with some questions regarding the integration of Splunk Enterprise Security App into a tic...

by Explorer in

map_notable_fields in ES bug ?

Hi guys I have this search: | datamodel "Malware" "Malware_Attacks" search | `drop_dm_object_name(Malware_Attac...

by Path Finder in

Can you help us migrate Splunk Enterprise to Splunk Cloud?

Hi Team, Recently, we have purchased Splunk Cloud for our organization. And currently we have all of our setup in...

by Path Finder in

metatada from index manipulation with aliases

I wanted to use the metadata command to monitor the last time an IDS sensor fed in our index. Because we are using fi...

by Engager in

Where I can find Interactive dashboard example for SOC/NOC ?

I have seen splunk dashboard example but not find to interactive for my case.please suggest me some good example for ...

by Explorer in

How to integrate Symantec Control Compliance Suite with Splunk ?

How to integrate Symantec Control Compliance Suite with Splunk ? Has anyone done this before and how.

by Communicator in

Enterprise Security script exited abnormally status="exited with code 3"

hi gents, we are getting the following error in our search heads. any ideas about what can be happening? I already...

by Builder in

In Splunk Enterprise Security, can you help me with my Use Cases set up?

I want to set up a use case in Splunk, and I am new in this application Logon failures for a user ID during a part...

by New Member in

Configuring Notable event

I am trying to create a notable event I am writing a query (index=****** EventCode=4771) in search App and then click...

by Explorer in

In Splunk Enterprise Security, how do you go about keeping historical data on a cron job alert that alerts on new Information?

I am pulling information from a search that I need to keep but update on top of. For example, my search is findin...

by New Member in

Help with Splunk Enterprise Security IP threat intelligence lookup

Hello Splunkers, I want to create my own saved search in Splunk Enterprise Security working on IP threat intellige...

by New Member in

How to add email action into Adaptive Response in ES

Hi Splunkers, I'd like to have ability to create email from an Incident Review dashboard (Actions - Run Adaptive R...

by Contributor in

Enable All Splunk Enterprise Security Features

I am trying to use Splunk ES searches and summaries but i'm not sure where to start or what logs are required. My mai...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

HPE Aruba ClearPass App for Splunk Enterprise: How to configure the app for my Splunk instance?

ThreatQuotient Integration With Splunk ES App

Add Adaptive Response fields to Notable Event

What is the purpose of the `useother` macro

How Do I Map Splunk Security Content to MITRE ATT&CK?

Splunk Azure Deployment questions

Does the Splunk Enterprise Security license expire?

Splunk Enterprise Security App Integration with Ticketing / Incident Response System

map_notable_fields in ES bug ?

Can you help us migrate Splunk Enterprise to Splunk Cloud?

metatada from index manipulation with aliases

Where I can find Interactive dashboard example for SOC/NOC ?

How to integrate Symantec Control Compliance Suite with Splunk ?

Enterprise Security script exited abnormally status="exited with code 3"

In Splunk Enterprise Security, can you help me with my Use Cases set up?

Configuring Notable event

In Splunk Enterprise Security, how do you go about keeping historical data on a cron job alert that alerts on new Information?

Help with Splunk Enterprise Security IP threat intelligence lookup

How to add email action into Adaptive Response in ES

Enable All Splunk Enterprise Security Features

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

What is the "enable to risk index" and "enable to ...

Strange CIM Issues- How would we fix?

Getting error while installing enterprise security...

Why is Splunk tag for key value pair not appearing...

How to identify null valued fields in the index?