Splunk Enterprise Security

Community Activity
neermine
Hello! Can anyone explain to me what's the problem?
by neermine Path Finder in Splunk Enterprise Security 09-01-2018
0 1
edwardrose
Hello All, We have just completed an upgrade to Splunk Base 7.1.2 and ES 5.1. We have a couple of ongoing investiga...
by edwardrose Contributor in Splunk Enterprise Security 08-31-2018
0 1
ahendler1
Hello, I have a search which returns the moving average # of logs for a 12hr period (1hr prior) and the most recent ...
by ahendler1 Explorer in Splunk Enterprise Security 08-31-2018
0 3
rubacker527
I get a success status back after submitting the URL to AR for Wildfire, but I'm unable to find any response back fro...
by rubacker527 Engager in Splunk Enterprise Security 08-31-2018
0 0
pradeep577
Hi, can I get help on Splunk query to find attacks on my external website like Cross site script, SQLi, RFI etc.
by pradeep577 Path Finder in Splunk Enterprise Security 08-31-2018
0 1
utk123
As per https://splunkbase.splunk.com/app/507/, pingstatus is only supported on Splunk Versions: 6.2, 6.1, 6.0, 5.0. ...
by utk123 Path Finder in Splunk Enterprise Security 08-30-2018
0 2
christianubeda
Hi team! It's my very first time and I need help. I want to understand why these IPs are 0.0.0.0. Here the log, ...
by christianubeda Path Finder in Splunk Enterprise Security 08-30-2018
0 0
manideep6669
Looking for the report of who are using X dashboard in Splunk. Is there any Query for this? Thanks in Advance
by manideep6669 Engager in Splunk Enterprise Security 08-29-2018
0 1
eputnam
Hello, I am working on a Splunk search to see which users have changed their passwords more than a specific number o...
by eputnam Engager in Splunk Enterprise Security 08-29-2018
1 2
jstump1972
I need to perform a security audit on a particular user. I need to enter in specific username = example mydomain\ji...
by jstump1972 New Member in Splunk Enterprise Security 08-29-2018
0 0
jmcclure8
I am trying to install the Rapid 7 TA. The document doesn't really give any good information. There are no searches, ...
by jmcclure8 New Member in Splunk Enterprise Security 08-29-2018
0 2
fzuazo
I seem to be having some issues working with AD event ID 4738. Unless I am doing or reading something wrong, one of t...
by fzuazo Path Finder in Splunk Enterprise Security 08-28-2018
1 0
att35
Hi, Under Threat Activity, all the indicators report "0" all the time regardless of the search parameters. When clic...
by att35 Builder in Splunk Enterprise Security 08-28-2018
0 0
Ohiotech
Additional information: I'm not confident on the left join syntax, but the query appears to fail before it gets to th...
by Ohiotech Explorer in Splunk Enterprise Security 08-27-2018
0 3
dcrooks_cbp
I need a list of admins and also users from Splunk-ES to list in an audit dashboard.
by dcrooks_cbp New Member in Splunk Enterprise Security 08-27-2018
0 7
daniel333
All, I am looking at Splunk_TA_microsoft_dns. We deployed it to every domain controller, but I was wondering if we ...
by daniel333 Builder in Splunk Enterprise Security 08-24-2018
0 0
daniel333
All, I have installed Splunk Enterprise Security (ES) and the Clam AV apps. Searching tag=malware tag=attack works,...
by daniel333 Builder in Splunk Enterprise Security 08-23-2018
0 2
jadamsplunk
Hi all, I'm using ES 4.7.3 and as far as I know there is only the option to add collaborators one at a time to an in...
by jadamsplunk Path Finder in Splunk Enterprise Security 08-23-2018
1 0
Rishabh_McKc
In my server I want to onboard DNS Audit logs in addition to DNS Events. DNS Audit logs are getting created in C:\Wi...
by Rishabh_McKc Explorer in Splunk Enterprise Security 08-23-2018
0 3
teddyidc1101
We upgraded our Splunk enterprise to 7.1.2 from 7.0 version in a SH that has Splunk ES version 4.7.2. After the upgr...
by teddyidc1101 Communicator in Splunk Enterprise Security 08-22-2018
0 1
teddyidc1101
What is the system requirement for Virtual Machines for installing Splunk Enterprise Security?
by teddyidc1101 Communicator in Splunk Enterprise Security 08-21-2018
0 1
Splunkuser542
Hi, How can I capture the text between the first and second date and time strings. Using the example event bel...
by Splunkuser542 Explorer in Splunk Enterprise Security 08-21-2018
0 2
Ropermark
Hello all, I am new to Splunk. By following string I get a graph of risk: index="iniatva_linux" Risk=Critical OR...
by Ropermark New Member in Splunk Enterprise Security 08-21-2018
0 1
cristiad
Hi there, I have a strange situation. When I'm using a base search into a dashboard, I have displayed only 4 devices...
by cristiad New Member in Splunk Enterprise Security 08-21-2018
0 4
Stokers_23
I have configured the AWS Add-On for Splunk and want to ingest logs from an S3 bucket by following the Splunk recomm...
by Stokers_23 Explorer in Splunk Enterprise Security 08-16-2018
1 0