Splunk Enterprise Security

Discussions

Thread Info

Splunk Enterprise Security API is not allowed for admin

I have admin, user, power roles on Splunk Enterprise Security instance but it still requires authentication and it do...

by Engager in

Failed to find the target event with valid host and source values error

When using Enterprise Security we get the following error "Failed to find the target event with valid host and source...

by Path Finder in

is it possible to install other Splunk Apps (CIM compliant and non compliant) on the same search head which contains Enterprise security ?

If it isn't possible to install other apps that aren't CIM Compliant on the Sh machine that has the Enterprise securi...

by Explorer in

Data Model rebuild loose any kind of data from indexers?

If I am rebuilding existing data model in ES then it may be possible to loose any kind of data from indexers?

by Path Finder in

Is Extreme Search still available?

I no longer see Extreme Search on Splunkbase. Is it part of Splunk or Enterprise Security? (We are a few version ...

by Path Finder in

Why are the notable events from Symantec not accurate?

Hi Community, Not sure how to explain this... But the whole timeline looks like this: A user plugs in a USB sti...

by New Member in

How to enable and send an email notification when an incident has been assigned in Splunk Enterprise?

Dear Team, In splunk ES if the incident is assigned to someone an email notification needs to be sent that the incide...

by Engager in

why do we not have setup.xml in add-on's created by add-on builder?

Greetings I am using the latest version of add-on builder (2.2.0) and can create an alert action/adaptive response...

by Influencer in

How to get (or generate) Splunk ES notable event titles as seen on Incident Review dashboard

I would like to create a dashboard that displays notable event titles as seen on the Incident Review dashboard. Is th...

by Explorer in

Splunk Enterprise Security Default Workflow Actions

Are the Workflow Actions listed in the Enterprise Security Sandbox installed by default with a new Enterprise Securit...

by New Member in

How to make cluster map drilldown link to related search?

<title>Registered Devices (Map)</title> <search> <query>| devicesearch query="$sensor_sea...

by New Member in

Need help to update "Notable -Substantial Increase In Port Activity" to establish a base line for each destination port

We have not been using the Splunk ES for long and the “xswhere” used for this notable is an extreme search. The extre...

by Contributor in

Create event type as alert action

Splunk Enterprise Security uses "event types" as a means to suppress future alerting on a set of field values. We lik...

by Path Finder in

How can I get the description column of my custom lookup to show up in our Splunk Enterprise Security Incident Review queue?

In our Splunk Enterprise Incident review queue, I have a custom lookup that is being used for our threat intelligence...

by Explorer in

Format an asset list in Splunk Enterprise Security

Hi Splunkers, As it's stated in documentation, fields like ip, mac, dns in Asset lookup should be "A pipe-delimite...

by Contributor in

Can you run a correlation search as an adaptive response or can you run a correlation search from a python script?

Hi all, I have created an adaptive response collects information from a host and indexes it. I have attached th...

by Communicator in

Splunk Enterprise Security - How do you add asset fields in new search automatically?

Hi, I'm working on adding new data in CIM and putting tags in Communication and network with required fields. Of c...

by Engager in

Is the webhook option supported for adaptive response actions in Enterprise Security?

The webhook opiont is only available under Search & Reporting alert actions. This option in not available in the adap...

by Engager in

Time-based Assignment of Notable Events

Hello Is it possible to assign the default owner of the notable event based on a time schedule? For example, if...

by Engager in

Enterprise Security Question

We are using ES and I was wondering if all the data models\lookups and enriched data available when searching from a ...

by Path Finder in

ES - Access Tracker not recording successful AD auth due to lack of dest

The correlation search 'Completely Inactive Accounts' makes use of the Access Tracker lookup, which records the most ...

by Communicator in

Threat Intelligence download remains stuck on csv doanload

I added a new Threat Intelligence Download and in the Audit dashboard I can constantly see that the feed on "csv down...

by Engager in

Unable to create the alert in ES App

I tried creating an ES App alert to detect if anyone is sending emails to the mentioned blacklisted domains, but its ...

by Explorer in

Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

Hi everyone, I'm having trouble to access Splunk web on HTTPS. After I installed ES, HTTPS was on automatically fo...

by Path Finder in

How to launch Splunk URL using xml file?

Hi, I am trying to call dashboard via the XML file. How do I pass the username and password as parameters? http...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk Enterprise Security API is not allowed for admin

Failed to find the target event with valid host and source values error

is it possible to install other Splunk Apps (CIM compliant and non compliant) on the same search head which contains Enterprise security ?

Data Model rebuild loose any kind of data from indexers?

Is Extreme Search still available?

Why are the notable events from Symantec not accurate?

How to enable and send an email notification when an incident has been assigned in Splunk Enterprise?

why do we not have setup.xml in add-on's created by add-on builder?

How to get (or generate) Splunk ES notable event titles as seen on Incident Review dashboard

Splunk Enterprise Security Default Workflow Actions

How to make cluster map drilldown link to related search?

Need help to update "Notable -Substantial Increase In Port Activity" to establish a base line for each destination port

Create event type as alert action

How can I get the description column of my custom lookup to show up in our Splunk Enterprise Security Incident Review queue?

Format an asset list in Splunk Enterprise Security

Can you run a correlation search as an adaptive response or can you run a correlation search from a python script?

Splunk Enterprise Security - How do you add asset fields in new search automatically?

Is the webhook option supported for adaptive response actions in Enterprise Security?

Time-based Assignment of Notable Events

Enterprise Security Question

ES - Access Tracker not recording successful AD auth due to lack of dest

Threat Intelligence download remains stuck on csv doanload

Unable to create the alert in ES App

Troubles Accessing Splunk Web With HTTPS (Enterprise Security)

How to launch Splunk URL using xml file?

The All New Performance Insights for Splunk

Good Sourcetype Naming

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions