Splunk Enterprise Security

Community Activity
The F5 logs are sent through syslog to Splunk. However, the messages are not likely correctly cut out because man...
by laurent_ripaux New Member in Splunk Enterprise Security 09-15-2017
0 3
Hi, I'm new to Splunk Enterprise Security but we do have Splunk to monitor and alert on our application logs. Are t...
by rchan11 Explorer in Splunk Enterprise Security 09-14-2017
0 3
We are running the latest versions of Splunk Enterprise, Splunk Enterprise Security, and Splunk Common Information Mo...
by cwilmoth Path Finder in Splunk Enterprise Security 09-13-2017
0 4
I have read this article which describes searching for high or critical notable events. https://answers.splunk.com/a...
by Skins Path Finder in Splunk Enterprise Security 09-11-2017
0 2
Hello, I have inherited a scenario of 1 x SH, 1 DS, 1 IDX, 1 HF. The SH has an instance of ES installed. I'm looking a...
by Skins Path Finder in Splunk Enterprise Security 09-09-2017
0 2
I am trying to speed up my data model search for an alert that checks every 5 minutes (for the last 5 minutes) for "e...
by mattbellezza Explorer in Splunk Enterprise Security 09-08-2017
0 1
Hi, Is it possible to set two different severity levels for the same Correlation search? For example, my search output lists s...
by Shradha_Venkata New Member in Splunk Enterprise Security 09-08-2017
0 1
I have a weighted score for repeat offenders using the following formula | table _time id priority.name username hos...
by colinjmchugo Explorer in Splunk Enterprise Security 09-07-2017
0 5
Hello, I am trying to create a Splunk query to get common usernames from 2 different sourcetypes: 1st Sourcetype: ...
by sumanssah Communicator in Splunk Enterprise Security 09-05-2017
0 1
Hey Splunkers, I'd like to assign an owner to some events appearing in the "Incident Review" dashboard in the Enterp...
by vanderaj2 Path Finder in Splunk Enterprise Security 08-30-2017
1 3
The Cisco ACI Add-on for Splunk Enterprise provides these source types: cisco:apic:health cisco:apic:stats cisco:api...
by guarisma Contributor in Splunk Enterprise Security 08-29-2017
0 2
If an error is made when creating a correlation search - like using the wrong app context - and you'd like to remove t...
by Skins Path Finder in Splunk Enterprise Security 08-29-2017
1 1
Can I combine Enterprise Security 3.3.0 with PCI 2.1.1 AND all of my other non-CIM-compliant apps into one big search...
by JoeBlake Engager in Splunk Enterprise Security 08-29-2017
3 4
Hi, I wanted to create a user account having only access to the ES app, and within which he needs to have access to only ...
by yashwanth_g_pra Observer in Splunk Enterprise Security 08-25-2017
0 2
New Cisco security suite installed on the Enterprise Security server - I am seeing a 500 internal server error when atte...
by cjsweeney1 Explorer in Splunk Enterprise Security 08-23-2017
0 3
I've written some Correlation Searches in Enterprise Security and saved them in a custom app: "SA-Custom". I've chose...
by khagan Path Finder in Splunk Enterprise Security 08-23-2017
0 1
There is a lookup in the SA-Utils app called "cron_schedule_map.csv" and I was wondering if anyone out there knows h...
by jdeer0618 Explorer in Splunk Enterprise Security 08-22-2017
0 2
Hi All, I just installed the Custom Cluster Map Visualization app. The app is working in Search and Reporting but not wo...
by sumitkathpal Explorer in Splunk Enterprise Security 08-22-2017
0 2
For the ones who use the Unix add-on for extracting authentication events for Enterprise Security, and some events are...
by mdessus_splunk Splunk Employee in Splunk Enterprise Security 08-18-2017
1 2
I am in the process of Splunk Enterprise Security deployment. While deploying add-ons to my indexers, documentation s...
by shubham87 Explorer in Splunk Enterprise Security 08-16-2017
0 3
I have recently deployed Splunk Enterprise Security (ES) on one of our Search Heads. While installing, it could not p...
by shubham87 Explorer in Splunk Enterprise Security 08-15-2017
0 1
So, having an issue with Extreme Search. I have a DD context generated for users sending emails based off their identi...
by joshuamillikan New Member in Splunk Enterprise Security 08-14-2017
0 3
Hello Splunk community, I am having a problem with Enterprise Security. All of the threat intelligences are not able...
by R_B Path Finder in Splunk Enterprise Security 08-11-2017
0 3
Greetings, we have the following versions: Splunk 6.5.2 / ES 4.5.0 / CIM 4.6.0. When we use the macro on its own in the...
by lakshman239 Influencer in Splunk Enterprise Security 08-09-2017
0 1
Hi, We are planning to use TCP syslog to send logs from network devices to heavy forwarders and from there to index...
by shubham87 Explorer in Splunk Enterprise Security 08-09-2017
0 2