Splunk Enterprise Security

Community Activity
eldadintsights
Hello everyone! Does anyone know how I can populate the "malware_alias" field with TAXII/STIX objects? I have tried ...
by eldadintsights New Member in Splunk Enterprise Security 06-20-2018
0 0
SMWickman
How can I selectively disable/suppress Splunk web messages? This one is quite a nuisance and quite obviously a bug of...
by SMWickman Explorer in Splunk Enterprise Security 06-19-2018
3 1
ajdyer2000
Hi, I have 2 fields I would like to only display **lastLogonTimestamp** values that are over 90 days of the **_time...
by ajdyer2000 Path Finder in Splunk Enterprise Security 06-18-2018
0 5
DBuhler
I'm receiving logs from a Barracuda Web Security Gateway into Splunk. I've created a field extraction rule inline, ge...
by DBuhler Explorer in Splunk Enterprise Security 06-18-2018
1 4
nate_c
I am trying to count the number of events that I am unable to send to Splunk. I need these in a dashboard where I can...
by nate_c New Member in Splunk Enterprise Security 06-18-2018
0 1
memphisft3
Is there a way to download the sourcefile in the web interface or does it have to be done through the CLI? If it is d...
by memphisft3 Engager in Splunk Enterprise Security 06-17-2018
1 2
digital_alchemy
For some reason I'm hitting a wall on the logic of this search. I'm working with Palo Alto logs and the fields I'm i...
by digital_alchemy Path Finder in Splunk Enterprise Security 06-16-2018
0 4
andrewaalin
Is there a suggested collection method for Assets (for Splunk ES), from vCenter? I see the page "Collect and extract...
by andrewaalin Explorer in Splunk Enterprise Security 06-14-2018
0 4
doodoodonk
I installed 6.3 Splunk Enterprise and then went to install Splunk Enterprise Security 5.0 SPL and after the installat...
by doodoodonk Engager in Splunk Enterprise Security 06-14-2018
0 0
venkatesh_gopal
Hi Nimish Doshi, We are unable to install the phish tank app in our Splunk instance. We reached out to our support team ...
by venkatesh_gopal New Member in Splunk Enterprise Security 06-13-2018
0 2
dheerajdwiv
While validating the Varonis logs using Splunk CIM Validator App, I am getting the following error "no validation regex w...
by dheerajdwiv Engager in Splunk Enterprise Security 06-13-2018
0 0
kje
I'm new to Splunk and it is not quite clear to me how one would assign hostnames to remote computers based on the DNS...
by kje New Member in Splunk Enterprise Security 06-13-2018
0 3
jcampbell1977
Is it possible to have two instances of ES searching the same search peer pool?
by jcampbell1977 Explorer in Splunk Enterprise Security 06-12-2018
0 1
inventsekar
I have used that search tutorial for Splunk. Is there any similar one for Splunk ES?!?! For Splunk, there is a tutorials ...
by SplunkTrust SplunkTrust in Splunk Enterprise Security 06-12-2018
0 2
jorgepinto1
This is more of a feature request than a proper question. Is it possible to generate a full TLD list instead of...
by jorgepinto1 Explorer in Splunk Enterprise Security 06-12-2018
0 0
a_naoum
Hello, For a planned test environment with ES I'm trying to see what fits better to my scenario. I can see that Splunk ...
by a_naoum Path Finder in Splunk Enterprise Security 06-11-2018
1 3
DSIre
We have events feeding into Splunk from ForeScout logs (no ForeScout app) and I would like to filter it so that only ...
by DSIre New Member in Splunk Enterprise Security 06-11-2018
0 0
jowenssi
There appear to be issues with Splunk Enterprise on Splunk 7.1. Is there a reason that the Incident Review "Urgency"...
by jowenssi Path Finder in Splunk Enterprise Security 06-11-2018
0 18
atulod1
06/02/2018 06:00:37 AM LogName=Application SourceName=MSSQLSERVER EventCode=18456 EventType=0 Type=Information Comput...
by atulod1 New Member in Splunk Enterprise Security 06-10-2018
0 1
AlexeySh
Hello, I’d like to configure a wildcard usage for a lookup table, but unfortunately I’m not a Splunk guru and probab...
by AlexeySh Communicator in Splunk Enterprise Security 06-08-2018
0 2
DEAD_BEEF
Not sure how to fix this, but for some reason the tags showing up in Search > Datasets > Intrusion Detection > IDS A...
by DEAD_BEEF Builder in Splunk Enterprise Security 06-06-2018
0 0
DEAD_BEEF
Within Splunk ES, I have two tags applied based on Event types and cannot for the life of me get it to apply when att...
by DEAD_BEEF Builder in Splunk Enterprise Security 06-06-2018
0 1
DEAD_BEEF
I am using Splunk ES and trying to match my IDS logs to the Intrusion Detection data model. I thought I did all prep...
by DEAD_BEEF Builder in Splunk Enterprise Security 06-06-2018
0 1
AlexeySh
Hello, I’d like to create an alert on ransomware detections. I have file events logs and their most important field ...
by AlexeySh Communicator in Splunk Enterprise Security 06-06-2018
0 4
V4M51
After collecting all the logs and writing search queries, how to do incident management and develop use-cases, and s...
by V4M51 Engager in Splunk Enterprise Security 06-05-2018
0 1