Splunk Enterprise Security

Community Activity
echojacques
This correlation search detects a "substantial increase in port activity" and it works well. How can I tune/modify i...
by echojacques Builder in Splunk Enterprise Security 10-12-2017
0 6
dellytaniasetia
Hi, is it possible to clone/duplicate Incident Review in the Splunk Enterprise Security app? I would like to create 2...
by dellytaniasetia Explorer in Splunk Enterprise Security 10-10-2017
0 6
MonkeyK
Are there best practices when mapping PaloAlto firewall logs to CIM datamodels? One thing that I noticed is that Netw...
by MonkeyK Builder in Splunk Enterprise Security 10-10-2017
1 2
tracegordon
In an Enterprise Security Correlation Search I have a report that emails out when an email address is seen across mul...
by tracegordon Engager in Splunk Enterprise Security 10-10-2017
1 1
rdjoraev_splunk
There are many reports of high CPU or memory utilization on the indexers after upgrading Splunk Enterprise Security (ES) t...
by rdjoraev_splunk Splunk Employee Splunk Employee in Splunk Enterprise Security 10-06-2017
0 2
support0
Hi there, I have deployed Splunk Stream on a distributed environment. SH ES > Stream App + Stream TA IDX > Stream ...
by support0 Path Finder in Splunk Enterprise Security 10-05-2017
0 2
sumanssah
Hi, I am creating a dashboard and want to know if we have any possibility to add data manually to a sourcetype. Exa...
by sumanssah Communicator in Splunk Enterprise Security 10-05-2017
0 2
MAMAOUI
Hi all, I'm looking for information or methods on integrating RMS (Rights Management Service/Office365) into Splun...
by MAMAOUI Explorer in Splunk Enterprise Security 10-03-2017
0 1
wilhelmF
We just recently upgraded to the latest version of ES, 4.7.2, from 4.5.2. However, after upgrading, the page content manag...
by wilhelmF Path Finder in Splunk Enterprise Security 10-01-2017
0 6
LukeMurphey
I want to add some fields to a data-model that comes with the Common Information Model app but I want to avoid rebuil...
by LukeMurphey Champion in Splunk Enterprise Security 09-29-2017
0 1
shandman
The last post I see on this subject is almost three years old. Does anyone know if there is a Tripwire TA that integr...
by shandman Path Finder in Splunk Enterprise Security 09-25-2017
0 2
tcjohae
Is the Tripwire Enterprise App for Splunk ES compatible with the Splunk App for Enterprise Security?
by tcjohae New Member in Splunk Enterprise Security 09-25-2017
0 4
laurent_ripaux
The F5 logs are sent through syslog to Splunk. However, the messages are likely not correctly cut out because man...
by laurent_ripaux New Member in Splunk Enterprise Security 09-15-2017
0 3
rchan11
Hi, I'm new to Splunk Enterprise Security but we do have Splunk to monitor and alert on our application logs. Are t...
by rchan11 Explorer in Splunk Enterprise Security 09-14-2017
0 3
cwilmoth
We are running the latest versions of Splunk Enterprise, Splunk Enterprise Security, and Splunk Common Information Mo...
by cwilmoth Path Finder in Splunk Enterprise Security 09-13-2017
0 4
Skins
I have read this article which describes searching for high or critical notable events. https://answers.splunk.com/a...
by Skins Path Finder in Splunk Enterprise Security 09-11-2017
0 2
Skins
Hello, I have inherited a scenario of 1 x SH, 1 DS, 1 IDX, 1 HF. The SH has an instance of ES installed. I'm looking a...
by Skins Path Finder in Splunk Enterprise Security 09-09-2017
0 2
mattbellezza
I am trying to speed up my data model search for an alert that checks every 5 minutes (for the last 5 minutes) for "e...
by mattbellezza Explorer in Splunk Enterprise Security 09-08-2017
0 1
Shradha_Venkata
Hi, is it possible to set two different severity levels for the same Correlation search? For example, my search output list s...
by Shradha_Venkata New Member in Splunk Enterprise Security 09-08-2017
0 1
colinjmchugo
I have a weighted score for repeat offenders using the following formula | table _time id priority.name username hos...
by colinjmchugo Explorer in Splunk Enterprise Security 09-07-2017
0 5
sumanssah
Hello, I am trying to create a Splunk query to get common usernames from 2 different sourcetypes: 1st Sourcetype : ...
by sumanssah Communicator in Splunk Enterprise Security 09-05-2017
0 1
vanderaj2
Hey Splunkers, I'd like to assign an owner to some events appearing in the 'Incident Review' dashboard in the Enterp...
by vanderaj2 Path Finder in Splunk Enterprise Security 08-30-2017
1 3
guarisma
The Cisco ACI Add-on for Splunk Enterprise provides these source types: cisco:apic:health cisco:apic:stats cisco:api...
by guarisma Contributor in Splunk Enterprise Security 08-29-2017
0 2
Skins
If an error is made when creating a correlation search, like using the wrong app context, and you'd like to remove t...
by Skins Path Finder in Splunk Enterprise Security 08-29-2017
1 1
JoeBlake
Can I combine Enterprise Security 3.3.0 with PCI 2.1.1 AND all of my other non-CIM-compliant apps into one big search...
by JoeBlake Engager in Splunk Enterprise Security 08-29-2017
3 4