Splunk Enterprise Security

Community Activity
japo86
I request that there be the ability to create groups of users in enterprise security so that when you need to add the...
by japo86 New Member in Splunk Enterprise Security 08-02-2024
0 1
vtalanki
Hi All, I want to enable SSL for the Splunk management port (8089) for securing inter-Splunk communications. I have below ...
by vtalanki Path Finder in Splunk Enterprise Security 08-01-2024
0 4
ThuLe
Hello, I'm trying to add new/existing key indicator searches to my dashboard in ES, but the edit toolbar does not have...
by ThuLe Explorer in Splunk Enterprise Security 07-30-2024
0 3
Unnamed16
I am wondering why Deployment Server is full and the only stored in this server is Deployment Server Ta’s and .Conf t...
by Unnamed16 Loves-to-Learn in Splunk Enterprise Security 07-22-2024
0 2
Rhidian
Is it possible to use a lookup file in the Notable Event suppression, say to look up a list of assets/environments that ...
by Rhidian Path Finder in Splunk Enterprise Security 07-18-2024
0 4
p4u
Hello community, I'm encountering an issue while working with custom content in Splunk Security Essentials. I have cre...
by p4u New Member in Splunk Enterprise Security 07-17-2024
0 0
daniel333
All, I have an alert, which creates a notable event in Splunk ES 5.0. Working pretty good, but I can't set the secu...
by daniel333 Builder in Splunk Enterprise Security 07-08-2024
0 4
zpadams
I have this correction search we use to help detect common potential web attacks in IIS logs. The problem is that whi...
by zpadams New Member in Splunk Enterprise Security 07-02-2024
0 2
AcePilot
When using Splunk's Security Essentials: MITRE ATT&CK Framework we are lacking a significant amount of alerts. w...
by AcePilot Engager in Splunk Enterprise Security 06-28-2024
1 0
robert_miller
Are there any future plans to make this app CIM compliant? We are using the Enterprise Security app which requires a...
by robert_miller Path Finder in Splunk Enterprise Security 06-26-2024
1 10
kruane
So I have Splunk Cloud, but we still use a Heavy Forwarder, Universal Forwarder and a Deployment server. The UF serve...
by kruane Explorer in Splunk Enterprise Security 06-13-2024
0 1
rahulhari88
Hi all, I am trying to integrate MS SQL audit log data with a UF instead of DB Connect. What is the best and recommende...
by rahulhari88 Explorer in Splunk Enterprise Security 06-08-2024
0 5
testttt
I have installed the Splunk ES app and uploaded botsv1.stream_http.json (https://github.com/splunk/attack_data) but incide...
by testttt Observer in Splunk Enterprise Security 06-06-2024
0 2
youngsuh
Getting this error via UI upgrade to Splunk 7.1: Invalid message type: 28. We're on version 9.0.4. Previous upgrade w...
by youngsuh Contributor in Splunk Enterprise Security 05-28-2024
0 3
CSNinja
We are receiving some notables that reference an encoded command being used with PowerShell, and the notable lists th...
by CSNinja New Member in Splunk Enterprise Security 05-25-2024
0 2
LionWolf
Hello, This is my first time seeking help in a forum, I apologize if my ask is confusing. I'm looking to pull the...
by LionWolf Explorer in Splunk Enterprise Security 05-13-2024
0 4
splunky_diamond
Hello, Splunkers! I hope there are some SOC analysts around who are using Splunk Enterprise and Splunk ES in their wor...
by splunky_diamond Path Finder in Splunk Enterprise Security 05-05-2024
0 3
treven
Is there a way to give a user read-only access to only a specific dashboard on Splunk ES such as the Executive Summar...
by treven Explorer in Splunk Enterprise Security 05-03-2024
0 3
santorof
So within the Enterprise Security App, there is the built-in threat activity dashboard. One of panels shows your sour...
by santorof Communicator in Splunk Enterprise Security 05-01-2024
2 5
splunky_diamond
Hello Splunk community! I have started my journey with splunk one month ago and I am currently learning Splunk Enterp...
by splunky_diamond Path Finder in Splunk Enterprise Security 04-28-2024
0 3
pkeller
In the Incident Review panel, we select a Notable Event, click on Edit Selected and a form pops up. I chose the first...
by pkeller Contributor in Splunk Enterprise Security 04-23-2024
0 3
splunkreal
Hello, is editing ES roles on the Permissions page the same as editing ES roles in Splunk's native edit role page? I guess...
by splunkreal Influencer in Splunk Enterprise Security 04-10-2024
0 3
shubi
App  started successfully (id: 1712665900147) on asset:Loaded action execution configurationexecuting action: test_as...
by shubi New Member in Splunk Enterprise Security 04-09-2024
0 1
mrkrabhishek
Do we have any content to detect "Moniker Link" - CVE-2024-21413
by mrkrabhishek New Member in Splunk Enterprise Security 04-07-2024
0 1
mjones414
I've tried using HTML codes like <p> or <b>test</b> and it makes no difference. I'd like to format a much more compl...
by mjones414 Contributor in Splunk Enterprise Security 04-07-2024
0 1