Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
wliu_ondeck
We currently use Splunk Enterprise Security (ES). When ingesting Carbon Black Protection (bit9) logs which Splunkba...
by wliu_ondeck Explorer in Splunk Enterprise Security 12-07-2017
0 5
0
5
miked531
Among other things, I have the Enterprise Security and Splunk_TA_ipfix apps installed and am successfully indexing IP...
by miked531 Explorer in Splunk Enterprise Security 12-06-2017
0 2
0
2
michael_daoust
Is it possible/practical to use the adaptive response actions to send notable events from splunk ES to another applic...
by michael_daoust New Member in Splunk Enterprise Security 12-04-2017
0 1
0
1
test_qweqwe
Hello, I have already written similar questions in past, but now it's global issue. Official documentation not answer...
by test_qweqwe Builder in Splunk Enterprise Security 12-01-2017
0 1
0
1
vumanhtai
Hi All! how i can import visio file to Glass Tables in the splunk enterprise security
by vumanhtai Path Finder in Splunk Enterprise Security 11-30-2017
0 2
0
2
test_qweqwe
sourcetype=WinEventLog:Security (EventCode=4720) | eval date=strftime(_time, "%Y/%m/%d") |rex "New\sAccount:\s+.*\s+\...
by test_qweqwe Builder in Splunk Enterprise Security 11-28-2017
0 8
0
8
cheaston
Enterprise Security comes pre-configured with several blocklists, however we have a valid business case for some of t...
by cheaston New Member in Splunk Enterprise Security 11-28-2017
0 4
0
4
ramesh_babu71
Hello, I'm trying out a Adaptive response action of VirusTotal which i created by following this site http://dev.spl...
by ramesh_babu71 Path Finder in Splunk Enterprise Security 11-27-2017
0 3
0
3
10306629
"Search peer has the following message: Review roles for unnecessary read or write access to authorize.conf and remov...
by 10306629 New Member in Splunk Enterprise Security 11-27-2017
0 4
0
4
soumyasaha2506
I am quite new to ES, although i have an good understanding of data models and other Splunk commands, i am unable to ...
by soumyasaha2506 Loves-to-Learn in Splunk Enterprise Security 11-21-2017
0 1
0
1
test_qweqwe
How to change this search to show Unsuccessful/Failed Windows Updates? sourcetype=WinEventLog:System EventCode=19...
by test_qweqwe Builder in Splunk Enterprise Security 11-21-2017
0 2
0
2
rohansecadvbot
Hi I am trying to create add-ons for splunk enterprise security. is there a developer version of the app , with sampl...
by rohansecadvbot Explorer in Splunk Enterprise Security 11-17-2017
0 2
0
2
brianyaucy
Hi all! I have just started working on Splunk ES. However I found that when turned on the correlation rule below, th...
by brianyaucy New Member in Splunk Enterprise Security 11-16-2017
0 5
0
5
test_qweqwe
I will try again, but with correct tags of my question. Today I tried many times fix it and zero results. https://p...
by test_qweqwe Builder in Splunk Enterprise Security 11-15-2017
0 5
0
5
sbattista09
in the Top 20 Memory-Consuming Searches dashboard in the DMC OR DM OR whatever its called nowadays i am seeing the us...
by sbattista09 Contributor in Splunk Enterprise Security 11-14-2017
0 1
0
1
test_qweqwe
I have this search: | metadata type=hosts | lookup critical_systems Host_name as host OUTPUT Host_name as host | sear...
by test_qweqwe Builder in Splunk Enterprise Security 11-14-2017
0 5
0
5
test_qweqwe
Hello my little friends!  In your opinion what correlation searches must have SOC?
by test_qweqwe Builder in Splunk Enterprise Security 11-14-2017
0 3
0
3
deepu123
I am using search head cluster and trying to create a correlation search by selecting application context as "DA-ESS-...
by deepu123 Explorer in Splunk Enterprise Security 11-12-2017
0 1
0
1
responsys_cm
I have a customer with a very unique network environment. They will have multiple ES clusters worldwide. The only w...
by responsys_cm Builder in Splunk Enterprise Security 11-10-2017
0 5
0
5
kannanmallan
We are on Splunk Cloud 6.4. We have Splunk Enterprise Security too. FireEye App for Splunk Enterprise v3 (ver 3.0....
by kannanmallan New Member in Splunk Enterprise Security 11-10-2017
0 3
0
3
JeffBothel
I am looking to get a ratio in something akin to the following method but this is throwing errors from Splunk ES: ev...
by JeffBothel Explorer in Splunk Enterprise Security 11-09-2017
0 1
0
1
MonkeyK
pancontentpack is supposed to get app and threat metadata from Panorama. I noticed that pancontentpack is only part ...
by MonkeyK Builder in Splunk Enterprise Security 11-07-2017
1 2
1
2
AshTillman11
I am seeing a number of events for abnormally high number of HTTP POST requests in our enterprise security incident r...
by AshTillman11 Engager in Splunk Enterprise Security 11-07-2017
1 2
1
2
thomas_porter
I upgraded the ES app from 4.5 to 4.7. I work on a closed system so I do not make use of the Threat Intel downloads....
by thomas_porter Explorer in Splunk Enterprise Security 11-07-2017
1 7
1
7
samhodgson
Hi All, I've just got Enterprise Security configured and im now trying to reduce the amount of false alarms created....
by samhodgson Path Finder in Splunk Enterprise Security 11-07-2017
2 3
2
3
Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...