Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Enterprise Security license usage: How do you report/estimate the license volume that has been processed?

Hi, Because of license renew/upgrade: is there any way to report/estimate the license volume processed by Enterpri...

by Communicator in

Splunk ES 4.5 - How do we track removed 'investigations' created against a notable event?

I understand we can use the following to look at the investigations created which are 'Active'. |inputlookup appen...

by SplunkTrust in

Why am I getting script failure errors with configuration_check.py that read "A script exited abnormally"?

On new install of Splunk Enterprise Security (version 4.7.6), I am seeing the following errors, once an hour. I inclu...

by Builder in

How can I achieve a field validation in a Custom Adaptive Response Action?

Hello, I'm unable to get field validation in a Custom Adaptive Response Action in Splunk Enterprise Security. What...

by New Member in

Can you help me make a search that returns stats from two indexes when they match?

Hi team! I'm new here, very first time with Splunk. I need stats from two different indexes but only if they ma...

by Path Finder in

TrendMicro AV logs and Malware report: Can anyone me with my search query?

Hello Team , I have to create a report using [trendmicro AV logs] which should include the below details: — Mon...

by Path Finder in

Threat Intelligence Weekly Statistics

I have been trying to get some statistics around the Threat Intel that is being pushed into the the comes into Splunk...

by Explorer in

how to compare different field value and list out the result?

Hi, All i want to do is just find out email event which the (sender_email _address) is different with the (return_ad...

by New Member in

McAFee DLP logs into splunk.

Hi guys, Does anyone have successfully get the DLP incident logs from ePO to Mcafee? I'm using dbconnect with epo APP...

by Engager in

Why the alert drill-down doesn’t seem to be functional under incident review page after app upgrade to 4.7.6?

I'm not able to close notable alerts in the Incident Review but now the alert drill-down doesn’t seem to be functiona...

by Path Finder in

Is Splunk certified Hippa compliant?

I have medical compliance questions from Auditors about the certification through CMS www.cms.gov They have tried to ...

by New Member in

Notable Event Suppression Keys: Why are there periodic duplicate notable events in the search head cluster (SHC)?

I am experiencing periodic duplicate notable events in my search head cluster. I have a feeling this has something to...

by Builder in

How do I import a CSV to compare the information with Splunk?

Hello team! I'm new and I need some help, I would like to be able to upload information that is in a CSV to Spl...

by Path Finder in

How to upload a CSV file daily and compare it with a search?

Hello team! I'm new to this and I need help. I would like to upload a CSV file with the following structure to Spl...

by Path Finder in

cvss score result not available in Splunk Enterprise Security module

Hi Experts, I am trying to setup a glasstable containing the result from cvss score field. I seem to get other...

by New Member in

Why is "Edit notable events section" on incident review page not visible?

I'm not getting edit option in incident review page under SplunkEnterpriseSecuritySuite. I'm using Splunk App for ...

by Path Finder in

Has anybody made a threat feed to firewall rule?

Hi, Has anybody tried the below scenario? If yes, can I get some guidance? Malicious IPs are shown on Splunk da...

by Path Finder in

The 'description' field is not displaying anywhere on Threat Intelligence dashboard from 'local_domain_intel' lookup. Where will it be populated on the dashboard?

We have integrated our Splunk add-on with Splunk Enterprise Security (Threat Intelligence) where we have scheduled a ...

by New Member in

how to create rule if user visiting any malicious domain matches in Phishtank.com

Though we have splunk app for Phishtank but was wondering if it's possible to create rule in Splunk without using the...

by New Member in

Will someone help me understand the following alert?

Hello! Can any one explain to me what's the problem ?

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Enterprise Security license usage: How do you report/estimate the license volume that has been processed?

Splunk ES 4.5 - How do we track removed 'investigations' created against a notable event?

Why am I getting script failure errors with configuration_check.py that read "A script exited abnormally"?

How can I achieve a field validation in a Custom Adaptive Response Action?

Can you help me make a search that returns stats from two indexes when they match?

TrendMicro AV logs and Malware report: Can anyone me with my search query?

Threat Intelligence Weekly Statistics

how to compare different field value and list out the result?

McAFee DLP logs into splunk.

Why the alert drill-down doesn’t seem to be functional under incident review page after app upgrade to 4.7.6?

Is Splunk certified Hippa compliant?

Notable Event Suppression Keys: Why are there periodic duplicate notable events in the search head cluster (SHC)?

How do I import a CSV to compare the information with Splunk?

How to upload a CSV file daily and compare it with a search?

cvss score result not available in Splunk Enterprise Security module

Why is "Edit notable events section" on incident review page not visible?

Has anybody made a threat feed to firewall rule?

The 'description' field is not displaying anywhere on Threat Intelligence dashboard from 'local_domain_intel' lookup. Where will it be populated on the dashboard?

how to create rule if user visiting any malicious domain matches in Phishtank.com

Will someone help me understand the following alert?

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Streamline Data Ingestion With Deployment Server Essentials

Remediate Threats Faster and Simplify Investigations With Splunk Enterprise Security ...

How to retrieve a specific alert in Splunk Enterpr...

Why the System Center does not show data from Wind...

Is it possible to clone dashboards from the Enterp...

How to get logs from minio?

'Next Steps' Variable Substitution in Splunk Enter...