Splunk Enterprise Security

Discussions

Thread Info

How can I monitor VMware Horizon View with Splunk?

I’m running VMWare Horizon View 7 in my organization. Now with COVID-19 Shelter in place we all need to WFH. How do I...

by Path Finder in

Splunk ES - Threat Intelligence TAXII feed not Working in Splunk Cloud

Hey Guys, We are in a Splunk Cloud environment with ES, and we have added our own TAXII feed as well as some open ...

by Engager in

What are the CIM fields created by the Windows TA?

Hi, I´m looking for a list of all CIM fileds that are created by the Windows TA... I can´t find any doku... T...

by Path Finder in

Possible for one Splunk ES for different Splunk Enterprise?

Hi, Currently, my company has 2 sites (let's say Site A and Site B), and each of them have their own Splunk Enterpr...

by New Member in

Splunk 8 python 2.7 for an app

Hello, I'm trying to force an app to use python 2.7 on a Splunk 8 with enterprise security. The config in serve...

by Explorer in

STIX TAXII Data Not Showing On Some Days

The FS-ISAC Threat Intelligence STIX TAXII has been enabled in our environment. We received all IOCs from 4/2 but did...

by New Member in

How to apply Throttling based on a condition for a notable event generation?

Requirement 1 :Eg : I have a correlation search which generates , 2000 events with in 24 hours with the same Title "I...

by Path Finder in

Azure query

Hello I have this query: "| tstats `summariesonly` values(Authentication.app) as app,count from datamodel...

by Explorer in

Does anybody know what is the purpose of this formula in one splunk use case from the content library

Hello splunkers, While checking some use cases I found out one that I am interested of "Detect Spike in Network ACL...

by Explorer in

Splunk Enterprise Security: How to add fields to notable event after invoking adaptive response action?

Hi, I am wondering if it is possible to have my adaptive response actions append fields to the notable which trigg...

by Explorer in

How can we monitor if a user clicked on a phishing link or button in an email?

Hi everybody, We have a stream forwarder which sends every mail that enters in an index. It contains everything fro...

by Communicator in

list of events alerted last month

With this query I can see the notable events that are currently active. But not everyone has been alerted even if t...

by Contributor in

Splunk Enterprise Security installation error

I have created web.conf file with [settings] max_upload_size = 1024. But im getting error that says [The entity sent ...

by Observer in

JSON to CIM mapping

Hi All, We have a scripted input, which indexes JSON data into Splunk and using SPATH we have writing our correlat...

by Explorer in

Splunk Web scripts and Splunk enterprise Scripts

Can someone help me understand the difference between Splunk Web and Splunk enterprise? and the Python scripts that i...

by Observer in

how to get syslog data from prisma-cloud to splunk??

in My cloud different tools are there like jira,servicenow and there i can send alert notification to that tools ...

by Explorer in

Help with a query

Hi All I have this query index=checkpoint sourcetype=opsec:anti_virus OR sourcetype=opsec:anti_malware Prote...

by Explorer in

Change Time Format of ldapsearch attribute AccountExpired

Hi all, I have been trying to make a search where i can monitor the expired user accounts. So far i have this ...

by Communicator in

addon page not found

after installing nagios addon on splunk web showing page not found is there anyone who can help on this???

by Path Finder in

Problem with a query

Hi Need you help please with a query; "| tstats summariesonly=true allow_old_summaries=true dc(Malware_Attack...

by Explorer in

Splunk Enterprise Security

Discussions

How can I monitor VMware Horizon View with Splunk?

Splunk ES - Threat Intelligence TAXII feed not Working in Splunk Cloud

What are the CIM fields created by the Windows TA?

Possible for one Splunk ES for different Splunk Enterprise?

Splunk 8 python 2.7 for an app

STIX TAXII Data Not Showing On Some Days

How to apply Throttling based on a condition for a notable event generation?

Azure query

Does anybody know what is the purpose of this formula in one splunk use case from the content library

Splunk Enterprise Security: How to add fields to notable event after invoking adaptive response action?

How can we monitor if a user clicked on a phishing link or button in an email?

list of events alerted last month

Splunk Enterprise Security installation error

JSON to CIM mapping

Splunk Web scripts and Splunk enterprise Scripts

how to get syslog data from prisma-cloud to splunk??

Help with a query

Change Time Format of ldapsearch attribute AccountExpired

addon page not found

Problem with a query

Security Essentials / MITRE ATT&CK

Parsing the "_raw" field of Splunk Python SDK resu...

Missed macro ec2_excessive_terminateinstances_mltk...

MITRE-ATTACK latest threat list can not be downloa...

Failing to add Threat Intelligence Feed to Splunk ...