Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

owasp top 10

HI, can I get help on splunk query to find attacks on my external website like Cross site script, SQLi, RFI etc.

by Path Finder in

can I use pingstatus on splunk version 7.x.x?

As per https://splunkbase.splunk.com/app/507/, pingstatus is only supported on Splunk Versions: 6.2, 6.1, 6.0, 5.0. ...

by Path Finder in

TCP/UDP flood src_ip/dest_ip = 0.0.0.0 Why?

Hi team! It's my very first time and I need help. I want to undertands why these IPs are 0.0.0.0 Her...

by Path Finder in

How do you make a report of users using 'X' dashboard in Splunk?

Looking for the report of who are using X dashboard in Splunk. Is there any Query for this? Thanks in Advance

by Engager in

How do I create a search which detects password changes and finds the last time the password was changed?

Hello, I am working on a Splunk search to see which users have changed their passwords more than a specific number...

by Engager in

Can you help me create a search that returns Audit AD Login\Logoff data?

I need to perform a security audit on a particular user. I need to enter in specific username = example mydomain\...

by New Member in

Splunk TA installation location

I am trying to install the Rapid 7 TA. The document doesn't really give any good information. There are no searches, ...

by New Member in

Active Directory - Event ID 4738 - Message Fields

I seem to be having some issues working with AD event ID 4738. Unless I am doing or reading something wrong, one of t...

by Path Finder in

Splunk ES: Why are all Security Indicators under Threat Activity reporting '0'?

Hi, Under Threat Activity, all the indicators report "0" all the time regardless of the search parameters. When cl...

by Builder in

How to add an extra event field to the ePO query using DB connect 2.4 and ePO 5.3?

Additional information: I'm not confident on the left join syntax, but the query appears to fail before it gets to th...

by Explorer in

In Splunk Enterprise, I use |rest /services/authentication/users/ to get a list of users. How can I do the same in Splunk-ES?

I need a list of admins and also users from Splunk-ES to list in an audit dashboard.

by New Member in

Does Splunk_TA_microsoft_dns need to be deployed to every domain controller?

All, I am looking at Splunk_TA_microsoft_dns. We deployed it to every domain controller, but I was wondering if w...

by Builder in

Why is the Splunk Enterprise Security Malware Center not displaying infection counts?

All, I have installed Splunk Enterprise Security (ES) and the Clam AV apps. Searching tag=malware tag=attack work...

by Builder in

Is there a way to add entire roles as collaborators to an investigation rather than just one at a time?

Hi all, I'm using ES 4.7.3 and as far as I know there is only the option to add collaborators one at a time to an ...

by Path Finder in

How to onboard System32\winevt\Logs\Microsoft-Windows-DNSServer%4Audit.evtx

In my server I want to onboard DNS Audit logs in addition to DNS Events. DNS Audit logs are getting created in C:\Wi...

by Explorer in

Splunk ES Incident dashboard not working with Splunk Enterprise 7.1.2

We upgraded our Splunk enterprise to 7.1.2 from 7.0 version in a SH that has Splunk ES version 4.7.2. After the upgr...

by Communicator in

Splunk enterprise security in VM

What is the system requirement for Virtual Machines for installing Splunk Enterprise Security?

by Communicator in

How to capture value between two dates and a time string?

Hi, How can I capture the the text between the first and second date and time strings. Using the example event...

by Explorer in

Aggregate function ignore null values

Hello all, I am new to splunk, By following string i get a graph of risk: index="iniatva_linux" Risk=Criti...

by New Member in

Difference between the results from a visualizations and a regular search

Hi there, I have a strange situation. When I'm using a base search into a dashboard, I have displayed only 4 devic...

by New Member in

AWS SQS - Api calls using http only?

I have configured the AWS Add-On for Splunk and want to ingest logs from an S3 bucket by following the Splunk recomme...

by Explorer in

What is the best method of calculating variance, Extreme Search or just Stats?

I currently have several behavioral anomaly searches that report users exhibiting authentication behavior that is X n...

by Path Finder in

When upgrading to ES 5.1.0 the "Related Events" disappeared.

After upgrading to Splunk 7.1.2 and ES 5.1.0 I no longer see the "Related Events" drilldown option on the incident re...

by Path Finder in

Using Boolean operators in datamodel

I would like to use the Network_Traffic datamodel and exclude all internal source network traffic by using the NOT op...

by New Member in

Getting error when trying to update notables after upgrade from 5.0 to 5.1

After upgrading to 5.1 (and 7.1.2) from 5.0 (and 7.0.2), we are noticing errors when trying to edit notables. Steps t...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

owasp top 10

can I use pingstatus on splunk version 7.x.x?

TCP/UDP flood src_ip/dest_ip = 0.0.0.0 Why?

How do you make a report of users using 'X' dashboard in Splunk?

How do I create a search which detects password changes and finds the last time the password was changed?

Can you help me create a search that returns Audit AD Login\Logoff data?

Splunk TA installation location

Active Directory - Event ID 4738 - Message Fields

Splunk ES: Why are all Security Indicators under Threat Activity reporting '0'?

How to add an extra event field to the ePO query using DB connect 2.4 and ePO 5.3?

In Splunk Enterprise, I use |rest /services/authentication/users/ to get a list of users. How can I do the same in Splunk-ES?

Does Splunk_TA_microsoft_dns need to be deployed to every domain controller?

Why is the Splunk Enterprise Security Malware Center not displaying infection counts?

Is there a way to add entire roles as collaborators to an investigation rather than just one at a time?

How to onboard System32\winevt\Logs\Microsoft-Windows-DNSServer%4Audit.evtx

Splunk ES Incident dashboard not working with Splunk Enterprise 7.1.2

Splunk enterprise security in VM

How to capture value between two dates and a time string?

Aggregate function ignore null values

Difference between the results from a visualizations and a regular search

AWS SQS - Api calls using http only?

What is the best method of calculating variance, Extreme Search or just Stats?

When upgrading to ES 5.1.0 the "Related Events" disappeared.

Using Boolean operators in datamodel

Getting error when trying to update notables after upgrade from 5.0 to 5.1

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

How to handle Defender Incidents/Alerts with ES No...

Splunk Enterprise Security API support for update ...

Clarification on UBA Capability in Splunk Enterpri...

KV Store communication fails with TLS errors after...

Findings Comments

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions