Splunk Enterprise Security

Discussions

Thread Info

Can CORE Search function Like ES

In our DEV space we are running a single search head with ES installed. We have built identity lookups from our HR da...

by Path Finder in

Installation of Httpedgegrid on Search heads of Splunk ES

Hi How to install the Httpedgegrid on Search heads of Splunk Enterprise Security. @mayurr98

by Explorer in

AD FS integration with Splunk

I’m in the process of on-boarding ADFS as a authentication and authorization log source for a number of applications ...

by New Member in

Best Practice: Separating Dev/Test and Prod Notables in Incident Review

I'm looking to provide two separate ES incident review views: one for rules that are live, and another for new rules ...

by Explorer in

Missing buttons on ES "Configure Navigation" page

I'm trying to follow the "Customize the Menu Bar" steps in https://docs.splunk.com/Documentation/ES/5.0.0/Admin/Custo...

by Explorer in

Enterprise Security: Upgrading from 4.1.x to 4.7.x version on SHC

I was looking into upgrade of ES from 4.1.x version to 4.7.x version. (alongside Splunk). I can see ES changed dramat...

by Super Champion in

How to automatically generate shortIDs to link/share notables event on the ES Incident Review dashboard?,How to automatically generate shortIDs to link and share notable events on the ES Incident Review dashboard?

From the Incident Review dashboard > Actions is possible to Share Notable Events. To get the URL of the notable event...

by Explorer in

Splunk PCI Installation of indexes

Hello, I am installing Splunk PCI app 3.5.0 on an environment that is made of a Search Head and two indexers (not clu...

by Communicator in

How to add a custom lookup in Enterprise Security?

I have seen documents for this. As per document path should be below. Select Configure > Content Management. Click C...

by Path Finder in

Send ES notable events to third party API

Hello, I am trying to send notable events to third party API. Can I use webhook to POST notable event details on t...

by New Member in

Splunk App for Enterprise Security: How to add additional fields to events under "Incident Review"?

Hi, We have a requirement to add some additional fields to events under "Incident Review" for IOCs (I have looked ...

by Influencer in

Is there a way to add searchable splunk Notable Event metadata ?

All, I though it would be nice for PCI guy to search the top right by PCI DSS req, say like "10.1" its working fo...

by Builder in

Splunk enterprise security user acceptance test, test use cases

We deploying Splunk enterprise security ( SIEM) solution) and it is in the final implementation stage. does anyone ha...

by Explorer in

difference between firewall log management and Splunk Security Log management as a SIEM

by Engager in

Why am I unable to match the 1st Dropdown List going to 2nd DropDown list using XML coding?

Hi I would like to ask for help regarding how to match the first dropdown list to the 2nd dropdown list. Here the...

by New Member in

Integration: Splunk Enterprise Security (ES) to Anomali Limo?

Has anyone had luck defining Anomali Limo as a TAXII feed in Splunk Enterprise Security (ES)? Our internal STAXX a...

by New Member in

Add comment field in incident review page.

Can I add comment field as table attribute in incident review page. For that what would be field name so I can map it...

by Path Finder in

AutoJoin / Concatenate: How to add data to a column without reference?

Hi all, I want to add rows to a column for which values have no direct relationship with any data (a forced join) ...

by New Member in

I am searching for a query

I am new to Splunk (Enterprise Security) and I am stuck on making a certain correlation search. An example of the ...

by Engager in

Suggest some Cyberark and proofpoint Use cases

Hi All, I am working on Arcsight and i am seeing there are use cases available on Splunk for both the Proof point ...

by Path Finder in

Add lookup based source for ES

Looking over the clients configuration for adding a lookup based source for Enterprise Security Threat Intelligence, ...

by Contributor in

How to import oracle logs to Splunk to monitor DBA activities?

I would like to import oracle logs to Splunk to monitor DBA activities. How do I go about this? Any documentation wit...

by New Member in

What is considered a full back up of Search Head?

I am reading the upgrade instructions for ES 5.0. It indicates to take a full backup of the search head. Is that just...

by Path Finder in

Splunk Palo Alto Add-on 6.0.2 and Enterprise Security issue

I recently upgraded the Splunk Palo Alto Add-on from 3.8.0 to 6.0.2 on our ES search head. Since that change, the cat...

by Splunk Employee in

Splunk web is not accessible after installing ES 4.7, Socket error from x.x.x.x while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

i have installed ES 4.7 and it took long time to get installed (left it running last evening and this morning ES was ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Can CORE Search function Like ES

Installation of Httpedgegrid on Search heads of Splunk ES

AD FS integration with Splunk

Best Practice: Separating Dev/Test and Prod Notables in Incident Review

Missing buttons on ES "Configure Navigation" page

Enterprise Security: Upgrading from 4.1.x to 4.7.x version on SHC

How to automatically generate shortIDs to link/share notables event on the ES Incident Review dashboard?,How to automatically generate shortIDs to link and share notable events on the ES Incident Review dashboard?

Splunk PCI Installation of indexes

How to add a custom lookup in Enterprise Security?

Send ES notable events to third party API

Splunk App for Enterprise Security: How to add additional fields to events under "Incident Review"?

Is there a way to add searchable splunk Notable Event metadata ?

Splunk enterprise security user acceptance test, test use cases

difference between firewall log management and Splunk Security Log management as a SIEM

Why am I unable to match the 1st Dropdown List going to 2nd DropDown list using XML coding?

Integration: Splunk Enterprise Security (ES) to Anomali Limo?

Add comment field in incident review page.

AutoJoin / Concatenate: How to add data to a column without reference?

I am searching for a query

Suggest some Cyberark and proofpoint Use cases

Add lookup based source for ES

How to import oracle logs to Splunk to monitor DBA activities?

What is considered a full back up of Search Head?

Splunk Palo Alto Add-on 6.0.2 and Enterprise Security issue

Splunk web is not accessible after installing ES 4.7, Socket error from x.x.x.x while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Best Strategies to Optimize Observability Costs

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code