Splunk Enterprise Security

Discussions

Thread Info

how to create a threshold alert based on previous data?

I started off with the following search which gives me failed authentication to cisco acs on a daily basis, now i wan...

by Explorer in

I am trying to integrate couple of security devices with Splunk, if any body does this already, please let me know the integration process and version compatibility for vendor software.

Does anybody integrated Imperva DAM with Splunk? if yes what is the process and version compatibility with Splunk? Do...

by New Member in

Does Splunk ES live entirely within etc/apps?

Is there any component that makes Splunk ES tick, which isn't inside the directory etc/apps?

by Explorer in

Comparison chart of data indexed per index over one week

Greetings Splunkers, My question is two fold. I'm in need of an SPL that will show how much data was indexed p...

by Explorer in

Using certificate-based auth for a TAXII Threat Intel download?

I notice that Splice was deprecated as ES (allegedly) did everything Splice did, however one thing Splice supported t...

by Path Finder in

modular_actions_invocations macro

Hi all, Does anyone have any knowledge or understanding with the macro "modular_actions_invocations(2)"? This is a...

by Explorer in

alert triggered but ip not available in csv

Hello Folks, I have enabled a notable in ES_app, which triggers if it finds any ip available from local_ip_intel.c...

by Communicator in

Complex RegEx Capturing Group Assistance

Complex RegEx Capturing Group Assistance I have a couple similar cases where I am struggling to get the desired fi...

by Engager in

How to resolve replication errors on knowledge bundle size over 200MB due to Splunk Enterprise Security identities and assets?

Hi, I'm looking for some answer and suggestion how I could decrease/workaround the knowledge bundle replication er...

by Path Finder in

How to populate malware_alias with TAXII feeds?

Hello everyone! Does anyone know how can I populate the "malware_alias" field with TAXII/STIX objects? I have trie...

by New Member in

Splunk - Enterprise Security - Disable Splunk Web Messages

How can I selectively disable/suppress Splunk web messages? This one is quite a nuisance and quite obviously a bug of...

by Explorer in

How to find time values that are over 90 days old?

Hi, I have 2 fields I would like to only display **lastLogonTimestamp** values that are over 90 days of the **_tim...

by Path Finder in

How to create matching log with CIM "proxy" data model to see information in ES?

I'm receiving logs from a Barracuda Web Security Gateway into splunk. I've created a field extraction rule inline, ge...

by Explorer in

Is it possible to manually add values to a dashboard panel?

I am trying to count the number of events that I am unable to send to Splunk. I need these in a dashboard where I can...

by New Member in

Retrieve/download the original source file(s) after a search

Is there a way to download the sourcefile in the web interface or does it have to be done through the CLI? If it is d...

by Engager in

How can I compare the bandwidth usage of a specific category to the bandwidth usage of all categories combined?

For some reason I'm hitting a wall on the logic of this search. I'm working with Palo Alto logs and the fields i'm in...

by Path Finder in

Splunk ES: collecting Assets from vCenter

Is there a suggested collection method for Assets (for Splunk ES), from vCenter? I see the page "Collect and extra...

by Explorer in

Error after installnig Splunk Enterprise Security 5.0 Install on 6.3 leads to web integer literal error

I installed 6.3 Splunk Enterprise and then went to install Splunk Enterprise Security 5.0 SPL and after the installat...

by Engager in

Unable to install PhishTank app in Splunk ES

Hi Nimish Doshi, We are unable to install the phish tank app in our splunk instance. We reached to our support tea...

by New Member in

Splunk CIM Validator: Issue Field validation error "no validation regex was found to evaluate"

While validating the varonis logs using Splunk CIM Validator App, I am getting following error "no validation regex w...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

how to create a threshold alert based on previous data?

I am trying to integrate couple of security devices with Splunk, if any body does this already, please let me know the integration process and version compatibility for vendor software.

Does Splunk ES live entirely within etc/apps?

Comparison chart of data indexed per index over one week

Using certificate-based auth for a TAXII Threat Intel download?

modular_actions_invocations macro

alert triggered but ip not available in csv

Complex RegEx Capturing Group Assistance

How to resolve replication errors on knowledge bundle size over 200MB due to Splunk Enterprise Security identities and assets?

How to populate malware_alias with TAXII feeds?

Splunk - Enterprise Security - Disable Splunk Web Messages

How to find time values that are over 90 days old?

How to create matching log with CIM "proxy" data model to see information in ES?

Is it possible to manually add values to a dashboard panel?

Retrieve/download the original source file(s) after a search

How can I compare the bandwidth usage of a specific category to the bandwidth usage of all categories combined?

Splunk ES: collecting Assets from vCenter

Error after installnig Splunk Enterprise Security 5.0 Install on 6.3 leads to web integer literal error

Unable to install PhishTank app in Splunk ES

Splunk CIM Validator: Issue Field validation error "no validation regex was found to evaluate"

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

How can I make an ES Incident Review copy of my No...

How to duplicate Notables in ES Incident Review?

How to add new field for filtering in Splunk ES in...

Enterprise Security - Correlation Search - Notable...

Enterprise Security Incident Review Default Filter...