Splunk Enterprise Security
Community Activity
avivz
Hi, I submitted an XML string to a specific index using (.submit()) in Python. index = splunk_client.indexes[index_nam...
by avivz New Member in Splunk Enterprise Security 06-05-2018
AlexeySh
Hello, I find that the default malware domain list used by Splunk ES (that of malwaredomains.com) is not very releva...
by AlexeySh Communicator in Splunk Enterprise Security 06-05-2018
fzuazo
Greetings all, I am currently using a simple Splunk query to return all changes to a user account. sourcetype=Win...
by fzuazo Path Finder in Splunk Enterprise Security 05-31-2018
princemanto2580
Hello All, I used the Splunk Add-on for Zscaler (https://splunkbase.splunk.com/app/3865/). But what are the data-mod...
by princemanto2580 Path Finder in Splunk Enterprise Security 05-30-2018
ab81428
What is the recommended sourcetype for Oracle OIM/OAM server logs - servers are running on Windows Server. Logs are colle...
by ab81428 Path Finder in Splunk Enterprise Security 05-30-2018
janettemendoza
Please provide pricing for Enterprise Security App.
by janettemendoza New Member in Splunk Enterprise Security 05-29-2018
shayhibah
Hi, I use various dashboards which are included in the Splunk Enterprise Security app. In case of duplicate logs in my enviro...
by shayhibah Path Finder in Splunk Enterprise Security 05-29-2018
brober27
Please can anyone help by suggesting a search SPL command line to issue on a URL field in order to detect a CSRF attack ...
by brober27 New Member in Splunk Enterprise Security 05-27-2018
daniel333
All, Mind is drawing a blank. I want to normalize netstat output and then do a lookup on the destination fields to ...
by daniel333 Builder in Splunk Enterprise Security 05-25-2018
jhigginsmq
Hi. We've just upgraded to Splunk 7.1 on our ES search head, as well as upgrading ES from 5.0 to 5.1 to meet the comp...
by jhigginsmq Path Finder in Splunk Enterprise Security 05-25-2018
saurabh_tek11
How can we integrate them so that both (Manage Engine and Splunk ES Incident Review) work in sync?
by saurabh_tek11 Communicator in Splunk Enterprise Security 05-25-2018
BAPA157
Hello, I have figured out a strange behavior of Splunk correlation searches. I'm using Splunk Enterprise version 7.0...
by BAPA157 Engager in Splunk Enterprise Security 05-25-2018
shartwell
I created an alert action using the latest version of Add-on Builder (v2.2) using some other Splunk answers posts as ...
by shartwell Explorer in Splunk Enterprise Security 05-24-2018
shayhibah
I have multiple logs with the same unique field. For instance: Time: 10:00:00 Log-id: 0x1212 Message: ABCD Time: 10:...
by shayhibah Path Finder in Splunk Enterprise Security 05-24-2018
raghu_yara
Hi, using this query | from datamodel:"Vulnerabilities"."Vulnerabilities" |stats count by signature getting result 2...
by raghu_yara New Member in Splunk Enterprise Security 05-24-2018
kwchang_splunk
One of my Splunk Enterprise Security customers complained that sometimes the notable events are not created even whe...
by kwchang_splunk Splunk Employee in Splunk Enterprise Security 05-21-2018
bbraun
Hi guys, I'm not sure how to go about this. We currently have the Excessive Failed Logins Correlation Search enabled...
by bbraun New Member in Splunk Enterprise Security 05-21-2018
adamsmith47
Let me first say, I'm sure I could write a search that essentially returns what I'm looking for, however due to the a...
by adamsmith47 Communicator in Splunk Enterprise Security 05-18-2018
shahchintant
If events are coming in from heavy forwarder 1 to heavy forwarder 2, is it possible to change the index name on HF B ...
by shahchintant Engager in Splunk Enterprise Security 05-18-2018
gilbxrtx_7
I am working on eval expression. I have a set of data and I want to evaluate a field such that I only extract login a...
by gilbxrtx_7 New Member in Splunk Enterprise Security 05-17-2018
emmanuelpeter
So basically I'm trying to generate an event when a risk score above 100 is generated, I've come up with the below se...
by emmanuelpeter New Member in Splunk Enterprise Security 05-17-2018
npavlidis
When a file is manually uploaded in Enterprise Security(ES), you can (and have to) define File Name, File to be uploa...
by npavlidis Engager in Splunk Enterprise Security 05-17-2018
nb1030
In the Threat Activity Detected IR correlation search, it calls for stuff from the "Threat Intelligence" Data Model. ...
by nb1030 New Member in Splunk Enterprise Security 05-16-2018
MonkeyK
I am trying to find non-alexa top 1 million domain requests. I am getting alexa_by_str.csv from https://s3.amazonaws...
by MonkeyK Builder in Splunk Enterprise Security 05-16-2018
gilbxrtx_7
I am working on aligning my own data to Splunk Enterprise Security's data model. Big error 1: I draft out my search...
by gilbxrtx_7 New Member in Splunk Enterprise Security 05-16-2018