Splunk Enterprise Security

Community Activity
omshanti
Hello together, I installed in Splunk Single Instance Deployment with version 9.0.4 the Splunk ES 7.11 via CLI. If I ...
by omshanti Engager in Splunk Enterprise Security 12-06-2023
1 3
jbillings
I'm a bit of a rookie and trying to tune the "Threat Activity Detected" correlation search in ES. I would like to tak...
by jbillings Path Finder in Splunk Enterprise Security 12-03-2023
2 1
vishenps
Hi, I'm new to Splunk and wanted to change the time zone of my Splunk cloud deployment. As of now in my Cloud Monitorin...
by vishenps Path Finder in Splunk Enterprise Security 11-30-2023
0 3
codeJesus
Hello, when I run the below SPL, it gave me all the regions that a user has accessed from. If I want to exclude a r...
by codeJesus Engager in Splunk Enterprise Security 11-30-2023
0 2
sidoyle_
Is anyone aware of a way, other than manually, of creating a MITRE ATT&CK Navigator Layer based on the rules enabled ...
by sidoyle_ Explorer in Splunk Enterprise Security 11-30-2023
1 1
vishenps
Hi Splunkers, I do see 5-6 apps to update in my Splunk cloud, it's asking for restart whenever I'm hovering over updat...
by vishenps Path Finder in Splunk Enterprise Security 11-28-2023
0 5
EssKay
Hi, I'm trying to set up a way to automatically assign notables to the analysts, and evenly. The "default owner" in the...
by EssKay Engager in Splunk Enterprise Security 11-27-2023
0 0
abi2023
I want to send customized email from Splunk ES adaptive response action. How do I add a custom template for email Messa...
by abi2023 Path Finder in Splunk Enterprise Security 11-20-2023
0 2
WILLIAMSN02
Hi All, It is recommended to use the i3.8xlarge instance type which comes with ephemeral storage for Splunk indexers...
by WILLIAMSN02 Engager in Splunk Enterprise Security 11-16-2023
1 2
jonathanpeckham
I'm planning on moving the Enterprise Security app from one search head to another; search heads are not clustered. ...
by jonathanpeckham Explorer in Splunk Enterprise Security 11-14-2023
0 6
loriexi
For new RBA users, here are some frequently asked questions to help you better get started with the product. 1. What ...
by loriexi Splunk Employee in Splunk Enterprise Security 11-09-2023
0 0
NTNS
I have a fairly hefty search that is looking for potential brute-force attempts in my network. I have verified that ...
by NTNS New Member in Splunk Enterprise Security 11-08-2023
0 1
Niro
Hello, I've set up an identity lookup using ldapsearch - it creates an identity of "username" that contains various de...
by Niro Explorer in Splunk Enterprise Security 11-07-2023
0 5
jeanyvesnolen
Hello, we have issues merging our dhcp_asset_list (made of DNS record, MAC and IP address) into the Asset & Identit...
by jeanyvesnolen Path Finder in Splunk Enterprise Security 11-07-2023
3 7
saraomd93
I get this error when uploading a CSV file with 2 columns that include an ID number and malicious domain, but when I go to t...
by saraomd93 Path Finder in Splunk Enterprise Security 11-06-2023
0 0
Alan_Chan000
After reviewing the Intelligence Audit Events, the following error message shows up, it seems that the feed cannot wr...
by Alan_Chan000 Loves-to-Learn Lots in Splunk Enterprise Security 11-06-2023
0 1
bennett_riegel
I've downloaded the Splunk Security Essentials files all onto my laptop, but I can't figure out how to upload into int...
by bennett_riegel New Member in Splunk Enterprise Security 11-02-2023
0 4
AL3Z
Hi, Need below search into a web datamodel search index=es_web action=blocked host= * sourcetype= *| stats count by cat...
by AL3Z Builder in Splunk Enterprise Security 10-25-2023
0 1
AL3Z
Hi, I aimed to merge the "dropped" and "blocked" values under the "IDS_Attacks.action" field in the output of the data...
by AL3Z Builder in Splunk Enterprise Security 10-25-2023
0 4
AL3Z
Hi, I'm trying to reduce the noise out of these EventCodes which we can exclude in the enterprise security point of vi...
by AL3Z Builder in Splunk Enterprise Security 10-25-2023
0 5
neerajs_81
Hi, I need to report on when a Notable alert was changed from the default "unassigned" status to "Acknowledged" stat...
by neerajs_81 Builder in Splunk Enterprise Security 10-25-2023
0 1
alaalsanea
Dears, how to find out what devices (switch, router, etc.), operating systems (Windows, Linux, macOS, etc.), applicatio...
by alaalsanea Observer in Splunk Enterprise Security 10-23-2023
0 1
StefanoA
Hello everyone, I am concerned about single-event-match (e.g. observable-based) searches and the eventual indexing del...
by StefanoA Explorer in Splunk Enterprise Security 10-19-2023
0 1
Albert_Cyber
We are in the process of deploying our endpoint logging strategy. Right now, we are using CrowdStrike as our EDR. As ...
by Albert_Cyber Explorer in Splunk Enterprise Security 10-19-2023
0 1
Albert_Cyber
I am pretty new to ES correlation searches and I am trying to figure out how to add additional fields to notable eve...
by Albert_Cyber Explorer in Splunk Enterprise Security 10-17-2023
0 3