Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
Kinngk789
Are the Workflow Actions listed in the Enterprise Security Sandbox installed by default with a new Enterprise Securit...
by Kinngk789 New Member in Splunk Enterprise Security 03-07-2018
0 0
0
0
zestep
<title>Registered Devices (Map)</title> <search> <query>| devicesearch query="$sensor_sea...
by zestep New Member in Splunk Enterprise Security 03-07-2018
0 0
0
0
kamal_jagga
We have not been using the Splunk ES for long and the “xswhere” used for this notable is an extreme search. The extre...
by kamal_jagga Contributor in Splunk Enterprise Security 03-05-2018
0 2
0
2
hcannon
Splunk Enterprise Security uses "event types" as a means to suppress future alerting on a set of field values. We lik...
by hcannon Path Finder in Splunk Enterprise Security 03-05-2018
0 0
0
0
aaronandshag
In our Splunk Enterprise Incident review queue, I have a custom lookup that is being used for our threat intelligence...
by aaronandshag Explorer in Splunk Enterprise Security 03-03-2018
0 2
0
2
evelenke
Hi Splunkers, As it's stated in documentation, fields like ip, mac, dns in Asset lookup should be "A pipe-delimited ...
by evelenke Contributor in Splunk Enterprise Security 03-03-2018
0 1
0
1
j4adam
Hi all, I have created an adaptive response collects information from a host and indexes it. I have attached this a...
by j4adam Communicator in Splunk Enterprise Security 03-03-2018
0 1
0
1
joonoyang
Hi, I'm working on adding new data in CIM and putting tags in Communication and network with required fields. Of cou...
by joonoyang Engager in Splunk Enterprise Security 03-03-2018
0 1
0
1
tauricecobbins
The webhook opiont is only available under Search & Reporting alert actions. This option in not available in the adap...
by tauricecobbins Engager in Splunk Enterprise Security 03-03-2018
2 1
2
1
mgkaddoura
Hello Is it possible to assign the default owner of the notable event based on a time schedule? For example, if the...
by mgkaddoura Engager in Splunk Enterprise Security 03-03-2018
1 1
1
1
pfabrizi
We are using ES and I was wondering if all the data models\lookups and enriched data available when searching from a ...
by pfabrizi Path Finder in Splunk Enterprise Security 03-02-2018
0 1
0
1
gf13579
The correlation search 'Completely Inactive Accounts' makes use of the Access Tracker lookup, which records the most ...
by gf13579 Communicator in Splunk Enterprise Security 03-01-2018
0 0
0
0
wishfor
I added a new Threat Intelligence Download and in the Audit dashboard I can constantly see that the feed on "csv down...
by wishfor Engager in Splunk Enterprise Security 02-28-2018
1 0
1
0
deepak007
I tried creating an ES App alert to detect if anyone is sending emails to the mentioned blacklisted domains, but its ...
by deepak007 Explorer in Splunk Enterprise Security 02-28-2018
0 5
0
5
JohannLiebert92
Hi everyone, I'm having trouble to access Splunk web on HTTPS. After I installed ES, HTTPS was on automatically for ...
by JohannLiebert92 Path Finder in Splunk Enterprise Security 02-28-2018
1 10
1
10
srikanthpanchak
Hi, I am trying to call dashboard via the XML file. How do I pass the username and password as parameters? http://m...
by srikanthpanchak New Member in Splunk Enterprise Security 02-27-2018
0 0
0
0
gworkun
Hey all, Looking for any better documentation/steps on integrating Splunk Stream app with Enterprise Security. Runni...
by gworkun Explorer in Splunk Enterprise Security 02-27-2018
0 3
0
3
panovattack
Does anyone have an example of how to use the extraction regex in the threat intelligence download manager?
by panovattack Communicator in Splunk Enterprise Security 02-27-2018
0 9
0
9
andresito123
I upgraded to the latest ES app and now I get "The connection was reset" error when I am trying to connect to the web...
by andresito123 Communicator in Splunk Enterprise Security 02-23-2018
0 1
0
1
iKickFish
We see there are 40,000 failed login attempts to a DC on our network but are unable to verify the source (IP) using S...
by iKickFish Explorer in Splunk Enterprise Security 02-22-2018
0 2
0
2
joonoyang
Hi Splunk forks, I would like to make sure if the following upgrade path is okay. We have ES 4.5.1 running on Splunk...
by joonoyang Engager in Splunk Enterprise Security 02-22-2018
0 2
0
2
chrisschum
Is there a way to ignore additional field data populated from anything other than Lists and Lookups data within ES? ...
by chrisschum Path Finder in Splunk Enterprise Security 02-19-2018
0 0
0
0
deepak007
I have 2 indexes which have common values in their fields index1 has a field dest containing few values which are mat...
by deepak007 Explorer in Splunk Enterprise Security 02-18-2018
0 2
0
2
sheamus69
Splunk ES: 6.5.2 Splunk Enterprise Security: 4.5.1 I am adding a new swimlane to the Identities Investigator and h...
by sheamus69 Communicator in Splunk Enterprise Security 02-17-2018
1 1
1
1
chrisschum
In ES, I'm trying to create a correlation search where I establish groups on a 'List and Lookups' asset list (under t...
by chrisschum Path Finder in Splunk Enterprise Security 02-15-2018
1 0
1
0
Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...