Splunk Enterprise Security

Thread Info

How to create matching log with CIM "proxy" data model to see information in ES?

I'm receiving logs from a Barracuda Web Security Gateway into splunk. I've created a field extraction rule inline, ge...

by Explorer in

Is it possible to manually add values to a dashboard panel?

I am trying to count the number of events that I am unable to send to Splunk. I need these in a dashboard where I can...

by New Member in

Retrieve/download the original source file(s) after a search

Is there a way to download the sourcefile in the web interface or does it have to be done through the CLI? If it is d...

by Engager in

How can I compare the bandwidth usage of a specific category to the bandwidth usage of all categories combined?

For some reason I'm hitting a wall on the logic of this search. I'm working with Palo Alto logs and the fields i'm in...

by Path Finder in

Splunk ES: collecting Assets from vCenter

Is there a suggested collection method for Assets (for Splunk ES), from vCenter? I see the page "Collect and extra...

by Explorer in

Error after installnig Splunk Enterprise Security 5.0 Install on 6.3 leads to web integer literal error

I installed 6.3 Splunk Enterprise and then went to install Splunk Enterprise Security 5.0 SPL and after the installat...

by Engager in

Unable to install PhishTank app in Splunk ES

Hi Nimish Doshi, We are unable to install the phish tank app in our splunk instance. We reached to our support tea...

by New Member in

Splunk CIM Validator: Issue Field validation error "no validation regex was found to evaluate"

While validating the varonis logs using Splunk CIM Validator App, I am getting following error "no validation regex w...

by Engager in

Is it possible to resolve remote hostname using most recent DNS query by local hostname?

I'm new to Splunk and it is not quite clear to me how one would assign hostnames to remote computers based on the DNS...

by New Member in

Multple Enterprise Security clusters to one search peer pool

Is it possible to have two instances of ES searching the same search peer pool?

by Explorer in

Splunk ES tutorials and sample data dump

I have used that search tutorials for splunk. Is there any similar one splunk ES?!?! For splunk, there is a tutori...

by SplunkTrust in

Dnstwist full TLD list

This is more of a feature request than a proper question. Is it possible to generate the a full tld list instead ...

by Explorer in

Splunk Add-on for Unix and Linux vs Linux Auditd

Hello, For planned test environment with ES I'm trying to see what fit better to my scenario. I can see that Splun...

by Path Finder in

Filtering non-compliant Machines from forescout logs

We have events feeding into splunk from ForeScout logs (no forescout APP) and i would like to filter it so that only ...

by New Member in

Enterprise Security in Splunk 7.1

There appears to be issues with Splunk Enterprise on Splunk 7.1 Is there a reason that the Incident Review "Urgenc...

by Path Finder in

Using REX field Command How?

06/02/2018 06:00:37 AM LogName=Application SourceName=MSSQLSERVER EventCode=18456 EventType=0 Type=Information Comput...

by New Member in

May I have a help to configure wildcard usage in lookup table?

Hello, I’d like to configure a wildcard usage for a lookup table, but unfortunately I’m not a Splunk guru and prob...

by Communicator in

Splunk CIM mismatch type for tags

Not sure how to fix this, but for some reason the tags showing up in Search > Datasets > Intrusion Detection > IDS A...

by Builder in

Why Splunk CIM does not apply tags but 'Search & Reporting' does?

Within Splunk ES, I have two tags applied based on Event types and cannot for the life of me get it to apply when att...

by Builder in

Why aren't my IDS logs populating the Intrusion Detection data model?

I am using Splunk ES and trying to match my IDS logs to the Intrusion Detection data model. I thought I did all prepa...

by Builder in

Is it possible to use a comparison / conditional functions with a lookup?

Hello, I’d like to create an alert on ransomware detections. I have file events logs and their most important fiel...

by Communicator in

After collecting all the logs and writing search quarries, How to do incident management and develop use-cases, and security playbooks.

After collecting all the logs and writing search quarries, How to do incident management and develop use-cases, and s...

by Engager in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

How to create matching log with CIM "proxy" data model to see information in ES?

Is it possible to manually add values to a dashboard panel?

Retrieve/download the original source file(s) after a search

How can I compare the bandwidth usage of a specific category to the bandwidth usage of all categories combined?

Splunk ES: collecting Assets from vCenter

Error after installnig Splunk Enterprise Security 5.0 Install on 6.3 leads to web integer literal error

Unable to install PhishTank app in Splunk ES

Splunk CIM Validator: Issue Field validation error "no validation regex was found to evaluate"

Is it possible to resolve remote hostname using most recent DNS query by local hostname?

Multple Enterprise Security clusters to one search peer pool

Splunk ES tutorials and sample data dump

Dnstwist full TLD list

Splunk Add-on for Unix and Linux vs Linux Auditd

Filtering non-compliant Machines from forescout logs

Enterprise Security in Splunk 7.1

Using REX field Command How?

May I have a help to configure wildcard usage in lookup table?

Splunk CIM mismatch type for tags

Why Splunk CIM does not apply tags but 'Search & Reporting' does?

Why aren't my IDS logs populating the Intrusion Detection data model?

Is it possible to use a comparison / conditional functions with a lookup?

After collecting all the logs and writing search quarries, How to do incident management and develop use-cases, and security playbooks.

Submit and Extract xml data

Can anyone recommend a relevant public malware domain list?

Event ID 4738 - How to alert when source user and target user are the same ?

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions