Splunk Enterprise Security

Community Activity
rohansecadvbot
Hi, I am trying to create add-ons for Splunk Enterprise Security. Is there a developer version of the app, with sampl...
by rohansecadvbot Explorer in Splunk Enterprise Security 11-17-2017
0 2
brianyaucy
Hi all! I have just started working on Splunk ES. However I found that when turned on the correlation rule below, th...
by brianyaucy New Member in Splunk Enterprise Security 11-16-2017
0 5
test_qweqwe
I will try again, but with the correct tags for my question. Today I tried many times to fix it and got zero results. https://p...
by test_qweqwe Builder in Splunk Enterprise Security 11-15-2017
0 5
sbattista09
In the Top 20 Memory-Consuming Searches dashboard in the DMC OR DM OR whatever it's called nowadays I am seeing the us...
by sbattista09 Contributor in Splunk Enterprise Security 11-14-2017
0 1
test_qweqwe
I have this search: | metadata type=hosts | lookup critical_systems Host_name as host OUTPUT Host_name as host | sear...
by test_qweqwe Builder in Splunk Enterprise Security 11-14-2017
0 5
test_qweqwe
Hello my little friends! In your opinion, what correlation searches must a SOC have?
by test_qweqwe Builder in Splunk Enterprise Security 11-14-2017
0 3
deepu123
I am using search head cluster and trying to create a correlation search by selecting application context as "DA-ESS-...
by deepu123 Explorer in Splunk Enterprise Security 11-12-2017
0 1
responsys_cm
I have a customer with a very unique network environment. They will have multiple ES clusters worldwide. The only w...
by responsys_cm Builder in Splunk Enterprise Security 11-10-2017
0 5
kannanmallan
We are on Splunk Cloud 6.4. We have Splunk Enterprise Security too. FireEye App for Splunk Enterprise v3 (ver 3.0....
by kannanmallan New Member in Splunk Enterprise Security 11-10-2017
0 3
JeffBothel
I am looking to get a ratio in something akin to the following method but this is throwing errors from Splunk ES: ev...
by JeffBothel Explorer in Splunk Enterprise Security 11-09-2017
0 1
MonkeyK
pancontentpack is supposed to get app and threat metadata from Panorama. I noticed that pancontentpack is only part ...
by MonkeyK Builder in Splunk Enterprise Security 11-07-2017
1 2
AshTillman11
I am seeing a number of events for abnormally high number of HTTP POST requests in our enterprise security incident r...
by AshTillman11 Engager in Splunk Enterprise Security 11-07-2017
1 2
thomas_porter
I upgraded the ES app from 4.5 to 4.7. I work on a closed system so I do not make use of the Threat Intel downloads....
by thomas_porter Explorer in Splunk Enterprise Security 11-07-2017
1 7
samhodgson
Hi All, I've just got Enterprise Security configured and I'm now trying to reduce the amount of false alarms created....
by samhodgson Path Finder in Splunk Enterprise Security 11-07-2017
2 3
sumitkathpal
Hi All, I just found that each log of Windows AD gets tagged to the alert data model. When I accelerate the data model f...
by sumitkathpal Explorer in Splunk Enterprise Security 11-07-2017
0 1
dsrvern
Hi, I'm using Splunk 6.6.3 with the Enterprise Security app, with access only to the web interface. I have two inde...
by dsrvern Explorer in Splunk Enterprise Security 11-06-2017
0 3
thambisetty
Hi, I have created a correlation search and added the Run a script adaptive response and the notable adaptive response. I could...
by SplunkTrust SplunkTrust in Splunk Enterprise Security 11-06-2017
0 1
test_qweqwe
Hello all! What should I do or what should I know, (maybe some tricks or magic) if I need to quickly rewrite my searc...
by test_qweqwe Builder in Splunk Enterprise Security 11-02-2017
0 1
traxxasbreaker
I have an instance where I want to keep data model accelerations disabled but they seem to keep turning back on if I ...
by traxxasbreaker Communicator in Splunk Enterprise Security 10-30-2017
2 3
gerrydevenney
I have a 50GB Splunk licence and equivalent 50GB ES licence. I have been asked to install a 25GB ES licence in prepar...
by gerrydevenney Engager in Splunk Enterprise Security 10-30-2017
0 3
laleger
Is there any way to view actual contents of a threatlist via REST? I've found references to: | rest /services/data/t...
by laleger Explorer in Splunk Enterprise Security 10-28-2017
1 2
att35
Hi, When I search all indexed data against "Intrusion Detection" data model from Search & reporting app's context, S...
by att35 Builder in Splunk Enterprise Security 10-26-2017
0 7
tiagofbmm
Hi Can ES 4.7 be installed on a Windows SH? I know the documentation excludes ES with SHC on Windows, but it does no...
by tiagofbmm Influencer in Splunk Enterprise Security 10-25-2017
0 1
proletariat99
I tried $SPLUNK_HOME$/bin/splunk remove app SplunkEnterpriseSecuritySuite and it tells me "app doesn't exist" -- It d...
by proletariat99 Communicator in Splunk Enterprise Security 10-24-2017
0 5
Splunker6789
uninstall Splunk Enterprise Security Suite?
by Splunker6789 Explorer in Splunk Enterprise Security 10-23-2017
1 4