Splunk Enterprise Security

Discussions

Thread Info

Reassigning Ownership of all items in Splunk

We have an employee that left the company and we need to re-assign ownership to a new person. Is there a way to do a ...

by New Member in

Enterprise Security: is it a good practice to "force" certain fields to exist at the macro level?

The cim_Authentication_indexes is defined, in our case, as (index=wineventlog OR index=<linux> OR index=<rsa> OR ...)...

by Motivator in

How do I run a splunk query to find traffic activities on a specific host name

Hello, I am trying to figure out how to run a query in my splunk environment to find all the traffic activities of a ...

by New Member in

Enterprise Security : Is there a demo/video of the Incident Review section?

The team here is not satisfied with the capabilities, workflow of the Incident Review section of ES. Is there a nice ...

by Motivator in

splunk Enterprise security

I created few correlation searches notable events in Enterprise security and in Incident Review - Table Attributes I ...

by Explorer in

retrieve the messages from the banner at the top of the UI and create a Dasboard

Hi All, Request you to post the query for retrieving messages displayed on the top of the UI so that a Dashboard/r...

by Explorer in

Enterprise Security: How do we enable automatic updates by the ESCU?

We are wondering how to enable the automatic updates by the ESCU. We have it working fine but it doesn't seem to fetc...

by Motivator in

Enterprise Security: why is the src_user a recommended field for the Authentication datamodel?

src_user shows only 5 or so of percent_coverage in the cim_validator for our Windows data. Fields for Authenticati...

by Motivator in

Splunk nobody user vs Service User

Hi All, We have an environment where the owner of all the Dashboards/Alerts is user 'nobody'. Are there any disadv...

by Explorer in

Fail on start splunk after the upgrade of Splunk Enterprise Security from v4.7.0 to 5.3.1.

After upgrade to Splunk Enterprise Security v 5.3.1, fail on startup with the following error: [root@splunk02 bin]...

by Engager in

Kaspersky security center mapping to Enterprise Security

I've recently indexed kaspersky security center 10 data in splunk, but malware center in enterprise security showed n...

by New Member in

SPL for Correlation search in enterprise security?

index=email | transaction mid icid | stats count(recipient) as receipent_count by sender | where receipent_count>1...

by Explorer in

Rename existing correlation search Title

Hi Fellows, I need to change the title of existing correlation search which I am not able to do as the options are...

by Explorer in

Problem with threat notables on Splunk ES

Hello , We have a Splunk ES 5.1.0 application installed on Splunk Entreprise version 7.2.0. We need to collect...

by Path Finder in

MLTK: Does it support multi-output classification?

Does the MLTK support multi-output classification, i.e., more than 1 predicted field? Thank you.

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Reassigning Ownership of all items in Splunk

Enterprise Security: is it a good practice to "force" certain fields to exist at the macro level?

How do I run a splunk query to find traffic activities on a specific host name

Enterprise Security : Is there a demo/video of the Incident Review section?

splunk Enterprise security

retrieve the messages from the banner at the top of the UI and create a Dasboard

Enterprise Security: How do we enable automatic updates by the ESCU?

Enterprise Security: why is the src_user a recommended field for the Authentication datamodel?

Splunk nobody user vs Service User

Fail on start splunk after the upgrade of Splunk Enterprise Security from v4.7.0 to 5.3.1.

Kaspersky security center mapping to Enterprise Security

SPL for Correlation search in enterprise security?

Rename existing correlation search Title

Problem with threat notables on Splunk ES

MLTK: Does it support multi-output classification?

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

How can I automatically and evenly assign notables...

Risk-Based Alerting FAQs

threat intelligence upload not working too

Splunk Enterprise Security - permissions issue

Splunk Enterprise Security Install Error In Deploy...