Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Symantec MSS integration with Splunk for orchestration and Incident Management

Dear ALL , I am searching a procedure to pull and update the incidents from Symantec MSS created by their SOC ...

by New Member in

Nessus Home and Splunk Add-On for Tenable

Does this TA Support Nessus Home installations? I've tried to use Tenable.io and authentication seems to work but ...

by Splunk Employee in

In Splunk Enterprise Security, how do you combine two searches into one query and group on a specific field?

I am trying to create a query where there are two different searches that each produce a point in time for each devic...

by Explorer in

Fortigate logs are not in CIM format

I installed Fortinet Fortigate Add-on for Splunk 1.6.0 and Fortinet Fortigate App for Splunk 1.4. Sourcetypes are ide...

by New Member in

Notable Event Urgency issues

I have setup a few correlated events which currently are showing up in the incident review console as urgency (unknow...

by Engager in

Multiple tstats with prestats append=t not working in ES app

Hi, I'm querying a datamodel X and I need to append results with same fields names from datamodel xx using. I'm tr...

by Explorer in

Splunk Enterprise Security Alexa Domain NOT lookup failing

Hello, I am trying to create alerts for all outbound DNS queries which do not match the top one million domains as...

by Explorer in

Threat Intelligence

by default, where from threat Intelligence feed downloaded in splunk ?

by New Member in

Splunk Enterprise Security - Host Sending Excessive Emails Alert / Email Data model

Hi Everyone I'm having trouble with one of the alerts in Enterprise Security which is causing a lot of noise and f...

by New Member in

Subsearch relative to base search time

Hello, I'm looking into a way to discover following scenario in my ingested logs: some user logged out and didn't ...

by Explorer in

Script exited abnormally with code 114

I'm getting a scripting error on our Enterprise Security server every hour: msg="A script exited abnormally" input...

by Explorer in

In Splunk Enterprise Security, how do you use a subsearch to correlate information?

Hello, I'm trying to correlate events from 2 different source types, and 2 searches for example: sourcetypeA ha...

by New Member in

In Splunk Enterprise Security, how does Javascript SDK work? I wanna use client side SDK

Hi, Thanks for coming to my question. I am having trouble using javascript SDK. I cannot understand what is...

by Engager in

Notable event missing from Incident Review dashboard?

I have a search in which is generating results when I have it set as an alert and is successfully creating and event ...

by Explorer in

Using a different email address to send email responses using adaptive response action

Hi All, I have a use case where I want to send replies using a separate email address than the default address of ...

by Communicator in

In the Lookup File Editor App, can you help me with the lookup permissions?

Hi, When having lookups contained within an app, is it possible to set user permissions at the 'app' level as oppo...

by Path Finder in

How do I add macros into my search?

Would any one know how to look up the name of a person who owns a notable event using the owner field? This is my sea...

by New Member in

Any idea how I can troubleshoot this indexes.conf config?

All, I have this indexes.conf and added a frozen archive. The path is fully readable and writable by the Splunk u...

by Builder in

BlueCoat ThreatPulse -- Does anyone have experience logging data from ThreatPulse?

Greetings - I'm using BlueCoat ThreatPulse as a web filter ('cloud' based). The only method to pull their logs is vi...

by Engager in

Do we have an app/add-on for citrix netscaler load balancer for splunk 7.0 above versions . otherwise will the current version will support the 7.0 and above

Do we have an app/add-on for citrix netscaler load balancer for splunk 7.0 above versions . otherwise will the curren...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Symantec MSS integration with Splunk for orchestration and Incident Management

Nessus Home and Splunk Add-On for Tenable

In Splunk Enterprise Security, how do you combine two searches into one query and group on a specific field?

Fortigate logs are not in CIM format

Notable Event Urgency issues

Multiple tstats with prestats append=t not working in ES app

Splunk Enterprise Security Alexa Domain NOT lookup failing

Threat Intelligence

Splunk Enterprise Security - Host Sending Excessive Emails Alert / Email Data model

Subsearch relative to base search time

Script exited abnormally with code 114

In Splunk Enterprise Security, how do you use a subsearch to correlate information?

In Splunk Enterprise Security, how does Javascript SDK work? I wanna use client side SDK

Notable event missing from Incident Review dashboard?

Using a different email address to send email responses using adaptive response action

In the Lookup File Editor App, can you help me with the lookup permissions?

How do I add macros into my search?

Any idea how I can troubleshoot this indexes.conf config?

BlueCoat ThreatPulse -- Does anyone have experience logging data from ThreatPulse?

Do we have an app/add-on for citrix netscaler load balancer for splunk 7.0 above versions . otherwise will the current version will support the 7.0 and above

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

Introduction to Splunk AI

incident_review migration to new splunk enterprise...

What is the retention period for summaries generat...

Why the System Center does not show data from Wind...

Adding key indicator search to custom dashboard in...

How to send only not suppressed notable from Splun...