Splunk Enterprise Security

Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
gf13579

Which TA should I use for FortiGate?

Splunk ES includes TA-fortinet 4.7.1. FortiNet maintain Splunk_TA_fortinet_fortigate, currently at v1.5, and whose ...
by gf13579 Communicator in Splunk Enterprise Security 04-02-2018
1 13
1
13
daniel333

Any challenges running Splunk ES without admin I should be aware of?

All, Per a request from our security team, I moved Splunk to LDAP only and blasted the local admin account. But ES ...
by daniel333 Builder in Splunk Enterprise Security 03-30-2018
0 1
0
1
manideep6669

How to assign roles to X team if model User doesn't have access to that Index?

How to assign roles to X team if model User doesn't have access to that Index? How to search those roles in Model Use...
by manideep6669 Engager in Splunk Enterprise Security 03-28-2018
1 0
1
0
daniel333

What are all the URLs I need to open Splunk Enterprise Security up to for its default threat lists?

All, Anyone have a list of all the URL's IPs I need to open Splunk Enterprise Security up to for its threat lists? ...
by daniel333 Builder in Splunk Enterprise Security 03-28-2018
1 3
1
3
manideep6669

How to resolve the problem when disc full in prod ES SHC members?

Disc space is almost full i.e., 96% How to resolve this problem? What to do if my Mount Point is full? Any Linux Comm...
by manideep6669 Engager in Splunk Enterprise Security 03-27-2018
1 0
1
0
rotundwizard

Using Inputlookup to Eliminate Search Results

Been banging my head on this and need some assistance. Trying to use a csv to eliminate some search results with no s...
by rotundwizard Explorer in Splunk Enterprise Security 03-26-2018
0 7
0
7
mcxrisley08

Why are the dashboards not displaying any data in the Enterprise Security app?

So I recently had to nuke the search head that our Enterprise Security app was running on. I have reinstalled everyth...
by mcxrisley08 Path Finder in Splunk Enterprise Security 03-26-2018
0 5
0
5
kiranp2

Notable events stopped updating in Incidnet Review in ES app

Hi Splunkers, we are not able to see any notable events from yesterday in ES app even though we have not made change...
by kiranp2 New Member in Splunk Enterprise Security 03-22-2018
0 1
0
1
abdullahgursu

How to retrieve open incidents from splunk enterprise security?

Is it the proper way to get incidents through a webhook that searchs for notable events and send them to our api? I ...
by abdullahgursu Engager in Splunk Enterprise Security 03-22-2018
0 0
0
0
samhodgson

Rule_id's missing in incident_review_lookup for Correlation Search

Hi, I am reviewing the results for the 'ESCU - DNS Query Requests Resolved by Unauthorized DNS Servers - Rule' corre...
by samhodgson Path Finder in Splunk Enterprise Security 03-21-2018
0 0
0
0
att35

Why eStreamer data from sourcefire is not getting tagged for IDS_Attacks datamodel?

Hi, We are indexing eStreamer logs from sourcefire and have the app, "eStreamer for Splunk" (2.2.1) and add-on, "Spl...
by att35 Builder in Splunk Enterprise Security 03-21-2018
0 6
0
6
abdullahgursu

Splunk Enterprise Security API is not allowed for admin

I have admin, user, power roles on Splunk Enterprise Security instance but it still requires authentication and it do...
by abdullahgursu Engager in Splunk Enterprise Security 03-14-2018
0 1
0
1
mmoermans

Failed to find the target event with valid host and source values error

When using Enterprise Security we get the following error "Failed to find the target event with valid host and source...
by mmoermans Path Finder in Splunk Enterprise Security 03-14-2018
0 0
0
0
mohammedsamir

is it possible to install other Splunk Apps (CIM compliant and non compliant) on the same search head which contains Enterprise security ?

If it isn't possible to install other apps that aren't CIM Compliant on the Sh machine that has the Enterprise securi...
by mohammedsamir Explorer in Splunk Enterprise Security 03-13-2018
0 4
0
4
N92

Data Model rebuild loose any kind of data from indexers?

If I am rebuilding existing data model in ES then it may be possible to loose any kind of data from indexers?
by N92 Path Finder in Splunk Enterprise Security 03-11-2018
0 8
0
8
CSmoke

Is Extreme Search still available?

I no longer see Extreme Search on Splunkbase. Is it part of Splunk or Enterprise Security? (We are a few version be...
by CSmoke Path Finder in Splunk Enterprise Security 03-10-2018
1 5
1
5
jc_najera

Why are the notable events from Symantec not accurate?

Hi Community, Not sure how to explain this... But the whole timeline looks like this: A user plugs in a USB stick o...
by jc_najera New Member in Splunk Enterprise Security 03-08-2018
0 1
0
1
pksecurityiris

How to enable and send an email notification when an incident has been assigned in Splunk Enterprise?

Dear Team, In splunk ES if the incident is assigned to someone an email notification needs to be sent that the incide...
by pksecurityiris Engager in Splunk Enterprise Security 03-08-2018
2 0
2
0
lakshman239

why do we not have setup.xml in add-on's created by add-on builder?

Greetings I am using the latest version of add-on builder (2.2.0) and can create an alert action/adaptive response a...
by lakshman239 Influencer in Splunk Enterprise Security 03-08-2018
0 2
0
2
laleger

How to get (or generate) Splunk ES notable event titles as seen on Incident Review dashboard

I would like to create a dashboard that displays notable event titles as seen on the Incident Review dashboard. Is th...
by laleger Explorer in Splunk Enterprise Security 03-07-2018
1 4
1
4
Kinngk789

Splunk Enterprise Security Default Workflow Actions

Are the Workflow Actions listed in the Enterprise Security Sandbox installed by default with a new Enterprise Securit...
by Kinngk789 New Member in Splunk Enterprise Security 03-07-2018
0 0
0
0
zestep

How to make cluster map drilldown link to related search?

<title>Registered Devices (Map)</title> <search> <query>| devicesearch query="$sensor_sea...
by zestep New Member in Splunk Enterprise Security 03-07-2018
0 0
0
0
kamal_jagga

Need help to update "Notable -Substantial Increase In Port Activity" to establish a base line for each destination port

We have not been using the Splunk ES for long and the “xswhere” used for this notable is an extreme search. The extre...
by kamal_jagga Contributor in Splunk Enterprise Security 03-05-2018
0 2
0
2
hcannon

Create event type as alert action

Splunk Enterprise Security uses "event types" as a means to suppress future alerting on a set of field values. We lik...
by hcannon Path Finder in Splunk Enterprise Security 03-05-2018
0 0
0
0
aaronandshag

How can I get the description column of my custom lookup to show up in our Splunk Enterprise Security Incident Review queue?

In our Splunk Enterprise Incident review queue, I have a custom lookup that is being used for our threat intelligence...
by aaronandshag Explorer in Splunk Enterprise Security 03-03-2018
0 2
0
2
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

How Edge Processor's Durable Queue Works

Edge Processor sits in one of the most consequential places in any Splunk pipeline: between your data sources ...

Quantify Your Splunk Investment Impact: Introducing Savings Metrics to Value Insights

Building on the foundation established in our initial Value Insights releases, we are introducing the Savings ...