Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
wlight600
Hi! I'm creating custom alert action. I can use my alert action in save alert and Correlation search. But I meet ...
by wlight600 Engager in Splunk Enterprise Security 09-10-2024
0 14
0
14
tdth
Hi all,Has anyone had experience matching Linux audit logs to CIM before?I installed the Add-on for Unix and Linux, b...
by tdth Explorer in Splunk Enterprise Security 09-06-2024
0 3
0
3
zksvc
I Have 60 Correlation Search in Content Management Some of my Correlation Search doesn't trigger to Incident Review b...
by zksvc Contributor in Splunk Enterprise Security 09-05-2024
0 0
0
0
tuts
Hello, I am currently working in a SOC, and I want to test rules in Splunk ES using the BOTSv2 dataset. How can I con...
by tuts Path Finder in Splunk Enterprise Security 09-03-2024
0 1
0
1
corti77
Hi,I am testing the Security Essentials App 3.8.0 in Splunk 9.0.8, and I found the same issue while trying to activat...
by corti77 Contributor in Splunk Enterprise Security 09-02-2024
0 4
0
4
tadecleid
I found a similar post that did not quite fit the bill of what I am trying to do.I want to be able to create a link g...
by tadecleid New Member in Splunk Enterprise Security 09-02-2024
0 0
0
0
splunk_user9968
I would like to create a search with data models where my event id is 39. However, there is no datamodel that fulfill...
by splunk_user9968 New Member in Splunk Enterprise Security 08-27-2024
0 1
0
1
f_666dhn
I have lookup file bad_domain.csvbaddomain.combaddomain2.combaddomain3.com Then i want to search from proxy log, who ...
by f_666dhn Explorer in Splunk Enterprise Security 08-13-2024
0 1
0
1
japo86
I request that there be the ability to create groups of users in enterprise security so that when you need to add the...
by japo86 New Member in Splunk Enterprise Security 08-02-2024
0 1
0
1
vtalanki
Hi All, I want to enable SSL for Splunk management port(8089) for securing inter-splunk communications. I have below ...
by vtalanki Path Finder in Splunk Enterprise Security 08-01-2024
0 4
0
4
ThuLe
Hello,I'm trying to add new/existing key indicator searches to my dashboard in ES, but the edit toolbar does not have...
by ThuLe Explorer in Splunk Enterprise Security 07-30-2024
0 3
0
3
Unnamed16
I am wondering why Deployment Server is full and the only stored in this server is Deployment Server Ta’s and .Conf t...
by Unnamed16 Loves-to-Learn in Splunk Enterprise Security 07-22-2024
0 2
0
2
Rhidian
Is it possible to use a lookup file in the Noteble Event supression say to look up a list of assets/enviroments that ...
by Rhidian Path Finder in Splunk Enterprise Security 07-18-2024
0 4
0
4
p4u
Hello community,I'm encountering an issue while working with custom content in Splunk Security Essentials. I have cre...
by p4u New Member in Splunk Enterprise Security 07-17-2024
0 0
0
0
daniel333
All, I have an alert, which creates a notable event in Splunk ES 5.0. Working pretty good, but I can't set the secu...
by daniel333 Builder in Splunk Enterprise Security 07-08-2024
0 4
0
4
zpadams
I have this correction search we use to help detect common potential web attacks in IIS logs. The problem is that whi...
by zpadams New Member in Splunk Enterprise Security 07-02-2024
0 2
0
2
AcePilot
 When using Pplunks  security essentials :  MITRE ATT&CK Framework  we are lacking a significant amount of alerts.  w...
by AcePilot Engager in Splunk Enterprise Security 06-28-2024
1 0
1
0
robert_miller
Are there any future plans to make this app CIM compliant? We are using the Enterprise Security app which requires a...
by robert_miller Path Finder in Splunk Enterprise Security 06-26-2024
1 10
1
10
kruane
So I have Splunk Cloud, but we still use a Heavy Forwarder, Universal Forwarder and a Deployment server. The UF serve...
by kruane Explorer in Splunk Enterprise Security 06-13-2024
0 1
0
1
rahulhari88
Hi all,I am trying to integrate MS SQL audit log data with a UF instead of DB Connect.What is the best and recommende...
by rahulhari88 Explorer in Splunk Enterprise Security 06-08-2024
0 5
0
5
testttt
I have installed splunk es app and uploaded botsv1.stream_http.json (https://github.com/splunk/attack_data)but incide...
by testttt Observer in Splunk Enterprise Security 06-06-2024
0 2
0
2
youngsuh
Getting this error via UI upgrade to Splunk 7.1:  Invalid message type: 28We're on version 9.0.4.  Previous upgrade w...
by youngsuh Contributor in Splunk Enterprise Security 05-28-2024
0 3
0
3
CSNinja
We are receiving some notables that reference an encoded command being used with PowerShell, and the notable lists th...
by CSNinja New Member in Splunk Enterprise Security 05-25-2024
0 2
0
2
LionWolf
Hello,   This is my first time seeking help in a forum, I apologize if my ask is confusing.   I'm looking to pull the...
by LionWolf Explorer in Splunk Enterprise Security 05-13-2024
0 4
0
4
splunky_diamond
Hello, Splunkers!I hope there are some SOC analysts around who are using Splunk Enterprise and Splunk ES in their wor...
by splunky_diamond Path Finder in Splunk Enterprise Security 05-05-2024
0 3
0
3
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...