Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

OpenLDAP add-on fields extraction

I recently installed openldap add-on on both splunk cloud instance and splunk enterprise security instance https:/...

by New Member in

Splunk architectural design - global search head

Hi, I need someone to shed me some light on what is the best approach for me on changing my splunk architecture. C...

by Explorer in

How to access Threat Grid thru workflow action in Enterprise Security

Looking for a way to create a workflow action in ES, to research URL and IP addresses.

by Path Finder in

Feature Request: Pivot to Search App or Dashboard.

Feature Request: Pivot to Search App or Dashboard. This would allow to leverage already created dashboards and openin...

by New Member in

How to get diff between previous day vs current?

the below search provides me info on failed logins for the past month, for example the last four fridays now i want t...

by Path Finder in

how to create a threshold alert based on previous data?

I started off with the following search which gives me failed authentication to cisco acs on a daily basis, now i wan...

by Explorer in

I am trying to integrate couple of security devices with Splunk, if any body does this already, please let me know the integration process and version compatibility for vendor software.

Does anybody integrated Imperva DAM with Splunk? if yes what is the process and version compatibility with Splunk? Do...

by New Member in

Does Splunk ES live entirely within etc/apps?

Is there any component that makes Splunk ES tick, which isn't inside the directory etc/apps?

by Explorer in

Comparison chart of data indexed per index over one week

Greetings Splunkers, My question is two fold. I'm in need of an SPL that will show how much data was indexed p...

by Explorer in

Using certificate-based auth for a TAXII Threat Intel download?

I notice that Splice was deprecated as ES (allegedly) did everything Splice did, however one thing Splice supported t...

by Path Finder in

modular_actions_invocations macro

Hi all, Does anyone have any knowledge or understanding with the macro "modular_actions_invocations(2)"? This is a...

by Explorer in

alert triggered but ip not available in csv

Hello Folks, I have enabled a notable in ES_app, which triggers if it finds any ip available from local_ip_intel.c...

by Communicator in

Complex RegEx Capturing Group Assistance

Complex RegEx Capturing Group Assistance I have a couple similar cases where I am struggling to get the desired fi...

by Engager in

How to resolve replication errors on knowledge bundle size over 200MB due to Splunk Enterprise Security identities and assets?

Hi, I'm looking for some answer and suggestion how I could decrease/workaround the knowledge bundle replication er...

by Path Finder in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Enterprise Security

Discussions

OpenLDAP add-on fields extraction

Splunk architectural design - global search head

How to access Threat Grid thru workflow action in Enterprise Security

Feature Request: Pivot to Search App or Dashboard.

How to get diff between previous day vs current?

how to create a threshold alert based on previous data?

I am trying to integrate couple of security devices with Splunk, if any body does this already, please let me know the integration process and version compatibility for vendor software.

Does Splunk ES live entirely within etc/apps?

Comparison chart of data indexed per index over one week

Using certificate-based auth for a TAXII Threat Intel download?

modular_actions_invocations macro

alert triggered but ip not available in csv

Complex RegEx Capturing Group Assistance

How to resolve replication errors on knowledge bundle size over 200MB due to Splunk Enterprise Security identities and assets?

How to populate malware_alias with TAXII feeds?

Splunk - Enterprise Security - Disable Splunk Web Messages

How to find time values that are over 90 days old?

How to create matching log with CIM "proxy" data model to see information in ES?

Is it possible to manually add values to a dashboard panel?

Retrieve/download the original source file(s) after a search

Problem in using Cortex as Response Action in Splu...

How to put Limit on "edit Selected" option for the...

Is throttling based on trigger time? How do we dec...

What should be the source type for AWS KMS logs to...

Single Enterprise Security searchhead cluster conn...