Splunk Enterprise Security

Community Activity
clozach
Let's say you get a new job where you'll be working with Splunk. When you come in, you come to realize many aspects o...
by clozach Path Finder in Splunk Enterprise Security 10-17-2018
0 1
coreylehman
We have two search heads. One of them is a deployment server containing mostly apps and the other is dedicated to Ent...
by coreylehman Engager in Splunk Enterprise Security 10-16-2018
0 1
cody_richardson
Is the GuardDuty Add-on officially supported on Splunk version 7.2? If not, are there plans to update it so it is sup...
by cody_richardson Path Finder in Splunk Enterprise Security 10-16-2018
0 2
sahiltcs
Hello, I have Splunk enterprise security version 6.5.3.1 and am trying to create a dashboard for Risk Analysis. When...
by sahiltcs Path Finder in Splunk Enterprise Security 10-16-2018
1 9
maniyavar
Hi All, I am using the https://splunkbase.splunk.com/app/3945 app to pull CrowdStrike Falcon intelligence data. What dat...
by maniyavar Explorer in Splunk Enterprise Security 10-15-2018
0 0
ZimmermanC1
After updating our Splunk environment from Splunk 7.0.3 & ES 5.0 to Splunk 7.2.0 & Enterprise Security 5.1.1, many of...
by ZimmermanC1 Explorer in Splunk Enterprise Security 10-15-2018
1 4
asabatini85
Hi Folks, my client received this error after updating Splunk ES to version 5.1.0. The error is: Error occurred durin...
by asabatini85 Path Finder in Splunk Enterprise Security 10-15-2018
0 2
anhdo89
Hello, I was wondering if anyone has taken the new power exam for 7.x. What were your thoughts on it? Was it very dif...
by anhdo89 Explorer in Splunk Enterprise Security 10-15-2018
1 4
mwdbhyat
Hi Guys, Doing some forwarding of events using the HEC. So far it looks like this: Events come in from source(forwa...
by mwdbhyat Builder in Splunk Enterprise Security 10-15-2018
0 2
pritismit
Insecure or Cleartext Authentication event received on SIEM. Why is this event occurring and what's the process to mi...
by pritismit New Member in Splunk Enterprise Security 10-12-2018
0 1
flippyflink
When will Splunk support blockchains? In a way that Splunk can store and lookup (encrypted) hashes of data in a firs...
by flippyflink New Member in Splunk Enterprise Security 10-12-2018
0 2
daniel333
All, I am troubleshooting the built in notable "Anomalous New Process" that comes with Splunk ES on version 5.1.1. ...
by daniel333 Builder in Splunk Enterprise Security 10-11-2018
0 3
woodcock
I need something programmatic to sort through the hundreds and hundreds of searches.
by Esteemed Legend in Splunk Enterprise Security 10-11-2018
1 2
sampsoc
I would like to use Splunk ES's built in Threat Feeds to further identify malicious IP Addresses within a .CSV. While...
by sampsoc New Member in Splunk Enterprise Security 10-10-2018
0 0
akchauhan
Hi I have an index named "xyz" and inside that, I have data from different sources (a,b,c etc). I want to restrict ...
by akchauhan Explorer in Splunk Enterprise Security 10-10-2018
0 4
dschneider
My use case is that we pay a vendor to do unlocks after hours for us. I do not want to turn on the AD setting to unlo...
by dschneider Engager in Splunk Enterprise Security 10-10-2018
1 0
snigdhasaxena
Hi, I have uploaded a CSV file in Threat Intelligence Uploads with different data types like ip_intel, email_intel e...
by snigdhasaxena Communicator in Splunk Enterprise Security 10-09-2018
0 0
jonathangrant74
Greetings and thanks for looking at this question. I have a Splunk server in an air-gapped environment and I'm t...
by jonathangrant74 Explorer in Splunk Enterprise Security 10-09-2018
4 1
itzikshviro
Hi guys, I need to build a search that compares 2 different indexes. search 1 - index=indexname1 suser=username act...
by itzikshviro Explorer in Splunk Enterprise Security 10-08-2018
0 2
mertox
I am trying to filter query results based on regex. They are stored within a lookuptable like this: path /etc/g...
by mertox Explorer in Splunk Enterprise Security 10-06-2018
1 9
akchauhan
We observed a security loophole in Splunk Enterprise Security. We have restricted permission on "Y" index in Splunk t...
by akchauhan Explorer in Splunk Enterprise Security 10-06-2018
0 1
JeffBothel
I am attempting to create a dashboard that has a couple input fields with one being dependent on the other. The inde...
by JeffBothel Explorer in Splunk Enterprise Security 10-05-2018
0 1
tmwhitm
I have been reviewing answers from this forum & Splunk doc but I can't seem to find out why my rex command keeps thro...
by tmwhitm New Member in Splunk Enterprise Security 10-05-2018
0 7
donaldmayo
Hello All! I'm currently in the process of going over our correlation rules and outputs. I've reached a point in Ent...
by donaldmayo New Member in Splunk Enterprise Security 10-05-2018
0 0
alpsholic
I have a scenario which I can explain with an example. I am implementing a 3rd party service which takes action based...
by alpsholic Explorer in Splunk Enterprise Security 10-04-2018
0 3