Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Can you help me with a search which would return the sum of multiple count values?

Hello, I am trying to create a dashboard for Splunk Enterprise Security to track incident response. I have a searc...

by Path Finder in

Splunk Add-on for Cisco ASA: Will you help me create a regex expression for a transforms.conf file which filters certain logs out before indexing?

Cisco ASA Regex filtering needed Hello Splunk community, I am in need of some regex help. We have been receivi...

by Path Finder in

How Do You Manage EfficentIP DNS Log Ingestion?

I'm currently looking for others input on how they ingest EfficentIP data sources. Does anyone actively ingest Effice...

by SplunkTrust in

Can you help me troubleshoot a problem adding a trendline to my query?

I need to make a report once a month that indicates the trend between the succesful / unsuccesful log-ins on the netw...

by Communicator in

In the Splunk Enterprise Security Incident Review Dashboard, is it possible to change the default status label?

Is it possible to change default status value from "All" to New & "In Progress" via GUI in the Incident Review dashbo...

by New Member in

Recover Description of notable via search?

Hi everyone, I'm trying to create a search that i can display the notable information. But i have a problema, when...

by Explorer in

Splunk DB Connect: Can you help me create a search that generates an asset list from our Microsoft SQL server?

We are attempting to bring data in from a CMDB to generate our Assets list for Splunk. We have established the connec...

by Communicator in

After running a search which uses a lookup file to whitelist certain domains, I'm receiving the following error: "Regex: UTF-8 error: byte 2 top bits not 0x80"

I am attempting to run a search which matches specific domain names. In this search, I am using a lookup file to whit...

by Explorer in

Merging result of inputlookup file with subsearch to get required results

i have one csv file which contains device name location data , i need to get count of all the device name location wi...

by Path Finder in

How do you properly upload CSV data to Splunk?

I am trying to be an admin for a separate work project. But our original admin has been out of town for a few weeks, ...

by New Member in

When setting up an alert with a "saved search," why am I getting duplicate alerts for the same event with different event_id?

I have set up an alert using a "Saved search" in Splunk Enterprise Security. I am throttling alerts for an hour when ...

by New Member in

Why can't the Splunk AWS Add-On consume Guardduty events using Kinesis like it does for VPC Flow Logs without the need for the HEC?

Why can't the Splunk AWS Add-On consume Guardduty events using Kinesis like it does for VPC Flow Logs without the nee...

by New Member in

Can you do a tstats with Splunk Enterprise Security that would match the value from a lookup table?

Hello all, I am working in Splunk ES and i would like to add the capability of getting a match on my URL list. ...

by New Member in

Reverting to Splunk Enterprise v7.0.x from v7.1.2.

I am running Splunk ES v4.7.2 and upgraded it, along with the rest of my servers to Splunk Enterprise v7.1.2. After h...

by Explorer in

Palo Alto Networks Add-on 6.0.2: Why can't I download threat intelligence from AutoFocus' MineMeld in Splunk Enterprise Security?

Palo Alto Networks Add-on 6.0.2 - fail to download threat intelligence from AutoFocus' MineMeld in Splunk Enterprise ...

by New Member in

Why am I getting a warning when our systems are scanned by Qualys as a part of our deployment process?

Below is the report from Qualys, please help me work it around. X-XSS-Protection HTTP Header missing on port 8089....

by Splunk Employee in

Will the correlation that ES works off of with the Add-on cause issues in finding the data if I have version 5.0 in the environment and version 4.8.4 in ES?

I'm running into an issue with Enterprise Security (ES) - correlation with event types with Add-ons. The example ...

by Path Finder in

how to check severity of notable event

I want to check the severity of notable events so that I can hardcode the value of urgency without using lookups. Is ...

by Communicator in

Parse IMAP message into multiple events

Users report us suspicious emails for threat analysis. My idea is to import these emails into Splunk ES and automate ...

by New Member in

Enterprise Security (ES) asset lookups failing with SRC and dest fields reporting “unknown-internal” and “unknown-external”

Running ES 5.1 on Splunk 7.1. The asset lookups have been working fine. This morning the SRC and dest fields display ...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Can you help me with a search which would return the sum of multiple count values?

Splunk Add-on for Cisco ASA: Will you help me create a regex expression for a transforms.conf file which filters certain logs out before indexing?

How Do You Manage EfficentIP DNS Log Ingestion?

Can you help me troubleshoot a problem adding a trendline to my query?

In the Splunk Enterprise Security Incident Review Dashboard, is it possible to change the default status label?

Recover Description of notable via search?

Splunk DB Connect: Can you help me create a search that generates an asset list from our Microsoft SQL server?

After running a search which uses a lookup file to whitelist certain domains, I'm receiving the following error: "Regex: UTF-8 error: byte 2 top bits not 0x80"

Merging result of inputlookup file with subsearch to get required results

How do you properly upload CSV data to Splunk?

When setting up an alert with a "saved search," why am I getting duplicate alerts for the same event with different event_id?

Why can't the Splunk AWS Add-On consume Guardduty events using Kinesis like it does for VPC Flow Logs without the need for the HEC?

Can you do a tstats with Splunk Enterprise Security that would match the value from a lookup table?

Reverting to Splunk Enterprise v7.0.x from v7.1.2.

Palo Alto Networks Add-on 6.0.2: Why can't I download threat intelligence from AutoFocus' MineMeld in Splunk Enterprise Security?

Why am I getting a warning when our systems are scanned by Qualys as a part of our deployment process?

Will the correlation that ES works off of with the Add-on cause issues in finding the data if I have version 5.0 in the environment and version 4.8.4 in ES?

how to check severity of notable event

Parse IMAP message into multiple events

Enterprise Security (ES) asset lookups failing with SRC and dest fields reporting “unknown-internal” and “unknown-external”

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Enterprise Security Hands-On Workshop - slides

Enterprise Security - Correlation Search - Notable...

Enterprise Security Incident Review Default Filter...

Threat Intelligence Management - Wrong threat matc...

Can someone recommend a threat intel feed of malic...