Splunk Enterprise Security

Community Activity
markerton
I'm trying to run a simple search that shows only specific results and excludes the rest. The results are coming fr...
by markerton New Member in Splunk Enterprise Security 09-13-2018
0 1
christianubeda
Hi team! I need help with a search. I have 2 indexes and I want to match both for an IP field. If they match, I wa...
by christianubeda Path Finder in Splunk Enterprise Security 09-13-2018
0 1
ikulcsar
Hi, Because of license renew/upgrade: is there any way to report/estimate the license volume processed by Enterprise...
by ikulcsar Communicator in Splunk Enterprise Security 09-13-2018
0 4
lakshman239
I understand we can use the following to look at the investigations created which are 'Active'. |inputlookup append=...
by lakshman239 Influencer in Splunk Enterprise Security 09-12-2018
0 9
DEAD_BEEF
On new install of Splunk Enterprise Security (version 4.7.6), I am seeing the following errors, once an hour. I incl...
by DEAD_BEEF Builder in Splunk Enterprise Security 09-12-2018
0 1
nicolociraci
Hello, I'm unable to get field validation in a Custom Adaptive Response Action in Splunk Enterprise Security. What I...
by nicolociraci New Member in Splunk Enterprise Security 09-12-2018
0 0
christianubeda
Hi team! I'm new here, very first time with Splunk. I need stats from two different indexes but only if they match....
by christianubeda Path Finder in Splunk Enterprise Security 09-11-2018
0 1
SunilMaharishi
Hello Team, I have to create a report using [trendmicro AV logs] which should include the below details: — Monthly...
by SunilMaharishi Path Finder in Splunk Enterprise Security 09-11-2018
0 0
reubenjoseph
I have been trying to get some statistics around the Threat Intel that is being pushed into the comes into Splunk...
by reubenjoseph Explorer in Splunk Enterprise Security 09-11-2018
0 3
fatboy3388
Hi, all I want to do is just find the email events in which the (sender_email _address) is different from the (return_a...
by fatboy3388 New Member in Splunk Enterprise Security 09-09-2018
0 5
agcorreia_asml
Hi guys, Has anyone successfully gotten the DLP incident logs from ePO to McAfee? I'm using dbconnect with epo APP...
by agcorreia_asml Engager in Splunk Enterprise Security 09-08-2018
2 5
rajanshrivastav
I'm not able to close notable alerts in the Incident Review but now the alert drill-down doesn’t seem to be functiona...
by rajanshrivastav Path Finder in Splunk Enterprise Security 09-08-2018
0 1
austincisneros
I have medical compliance questions from Auditors about the certification through CMS www.cms.gov They have tried to ...
by austincisneros New Member in Splunk Enterprise Security 09-07-2018
0 3
RicoSuave
I am experiencing periodic duplicate notable events in my search head cluster. I have a feeling this has something to...
by RicoSuave Builder in Splunk Enterprise Security 09-07-2018
0 1
christianubeda
Hello team! I'm new and I need some help, I would like to be able to upload information that is in a CSV to Splunk....
by christianubeda Path Finder in Splunk Enterprise Security 09-07-2018
0 11
christianubeda
Hello team! I'm new to this and I need help. I would like to upload a CSV file with the following structure to Splun...
by christianubeda Path Finder in Splunk Enterprise Security 09-07-2018
0 0
tfrandsen
Hi Experts, I am trying to setup a glasstable containing the result from cvss score field. I seem to get other res...
by tfrandsen New Member in Splunk Enterprise Security 09-06-2018
0 6
rajanshrivastav
I'm not getting the edit option in the incident review page under SplunkEnterpriseSecuritySuite. I'm using Splunk App for En...
by rajanshrivastav Path Finder in Splunk Enterprise Security 09-06-2018
0 4
pradeep577
Hi, Has anybody tried the below scenario? If yes, can I get some guidance? Malicious IPs are shown on Splunk dashbo...
by pradeep577 Path Finder in Splunk Enterprise Security 09-05-2018
0 0
nisargsoni
We have integrated our Splunk add-on with Splunk Enterprise Security (Threat Intelligence) where we have scheduled a ...
by nisargsoni New Member in Splunk Enterprise Security 09-05-2018
0 1
pradyumnkumar
Though we have the Splunk app for Phishtank, I was wondering if it's possible to create a rule in Splunk without using the...
by pradyumnkumar New Member in Splunk Enterprise Security 09-02-2018
0 2
neermine
Hello! Can anyone explain to me what the problem is?
by neermine Path Finder in Splunk Enterprise Security 09-01-2018
0 1
edwardrose
Hello All, We have just completed an upgrade to Splunk Base 7.1.2 and ES 5.1. We have a couple of ongoing investiga...
by edwardrose Contributor in Splunk Enterprise Security 08-31-2018
0 1
ahendler1
Hello, I have a search which returns the moving average # of logs for a 12hr period (1hr prior) and the most recent ...
by ahendler1 Explorer in Splunk Enterprise Security 08-31-2018
0 3
rubacker527
I get a success status back after submitting the URL to AR for Wildfire, but I'm unable to find any response back fro...
by rubacker527 Engager in Splunk Enterprise Security 08-31-2018
0 0