Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
thomas_porter
I upgraded the ES app from 4.5 to 4.7. I work on a closed system so I do not make use of the Threat Intel downloads....
by thomas_porter Explorer in Splunk Enterprise Security 11-07-2017
1 7
1
7
samhodgson
Hi All, I've just got Enterprise Security configured and im now trying to reduce the amount of false alarms created....
by samhodgson Path Finder in Splunk Enterprise Security 11-07-2017
2 3
2
3
sumitkathpal
Hi All, I just found that each logs of windows AD get tagged to alert data model, When i accelerate the data model f...
by sumitkathpal Explorer in Splunk Enterprise Security 11-07-2017
0 1
0
1
dsrvern
Hi, I'm using Splunk 6.6.3 with the Enterprise Security app, with access only to the web interface. I have two inde...
by dsrvern Explorer in Splunk Enterprise Security 11-06-2017
0 3
0
3
thambisetty
Hi, I have created correlation search and added Run a script adaptive response and notable adaptive response. I could...
by SplunkTrust SplunkTrust in Splunk Enterprise Security 11-06-2017
0 1
0
1
test_qweqwe
Hello all! What should I do or what should I know, (maybe some tricks or magic) if I need to quickly rewrite my searc...
by test_qweqwe Builder in Splunk Enterprise Security 11-02-2017
0 1
0
1
traxxasbreaker
I have an instance where I want to keep data model accelerations disabled but they seem to keep turning back on if I ...
by traxxasbreaker Communicator in Splunk Enterprise Security 10-30-2017
2 3
2
3
gerrydevenney
I have a 50GB Splunk licence and equivalent 50GB ES licence. I have been asked to install a 25GB ES licence in prepar...
by gerrydevenney Engager in Splunk Enterprise Security 10-30-2017
0 3
0
3
laleger
Is there any way to view actual contents of a threatlist via REST? I've found references to: | rest /services/data/t...
by laleger Explorer in Splunk Enterprise Security 10-28-2017
1 2
1
2
att35
Hi, When I search all indexed data against "Intrusion Detection" data model from Search & reporting app's context, S...
by att35 Builder in Splunk Enterprise Security 10-26-2017
0 7
0
7
tiagofbmm
Hi Can ES 4.7 be installed on a Windows SH? I know the documentation excludes ES with SHC on Windows, but it does no...
by tiagofbmm Influencer in Splunk Enterprise Security 10-25-2017
0 1
0
1
proletariat99
I tried $SPLUNK_HOME$/bin/splunk remove app SplunkEnterpriseSecuritySuite and it tells me "app doesn't exist" -- It d...
by proletariat99 Communicator in Splunk Enterprise Security 10-24-2017
0 5
0
5
Splunker6789
uninstall Splunk Enterprise Security Suite?
by Splunker6789 Explorer in Splunk Enterprise Security 10-23-2017
1 4
1
4
test_qweqwe
We have this config: [threatlist://ransomware_ip_blocklist] delim_regex = : description = abuse.ch Ransomware Bloc...
by test_qweqwe Builder in Splunk Enterprise Security 10-23-2017
0 1
0
1
donaldwayne1975
Pondering if the prohibited_traffic.csv lookup used by SA-NetworkProtection in Enterprise Security could be updated t...
by donaldwayne1975 Path Finder in Splunk Enterprise Security 10-21-2017
0 1
0
1
rbacker527
If I have a notable event is there a way within incident review to tag the user with watchlist?
by rbacker527 Engager in Splunk Enterprise Security 10-20-2017
0 1
0
1
kausar
I am looking for advices on how to plan the backup and storage of "My Investigations" data in the Splunk Enterprise S...
by kausar Path Finder in Splunk Enterprise Security 10-19-2017
0 3
0
3
test_qweqwe
It's impossible to detect WannaCry by app ES Content Updates? Someone have experience in this? app: https://splunkba...
by test_qweqwe Builder in Splunk Enterprise Security 10-19-2017
0 2
0
2
GenericSplunkUs
Hello All, I'm looking to find a history of what notables have been suppressed after the suppression has expired. I'...
by GenericSplunkUs Path Finder in Splunk Enterprise Security 10-18-2017
0 1
0
1
gopmister
I am running a ESS Correlation search in App Context Enterprise Security. I verified the lookup and it exists in the...
by gopmister Explorer in Splunk Enterprise Security 10-16-2017
0 3
0
3
panovattack
I have installed extra visualization (e.g. Sankey). The visualization option is available in the search app and the ...
by panovattack Communicator in Splunk Enterprise Security 10-15-2017
0 1
0
1
echojacques
This correlation search detects a "substantial increase in port activity" and it works well. How can I tune/modify i...
by echojacques Builder in Splunk Enterprise Security 10-12-2017
0 6
0
6
dellytaniasetia
Hi Is it possible to clone/duplicate Incident Review in the Splunk Enterprise Security app? I would like to create 2...
by dellytaniasetia Explorer in Splunk Enterprise Security 10-10-2017
0 6
0
6
MonkeyK
Are there best practices when mapping PaloAlto firewall logs to CIM datamodels? One think that I noticed is that Netw...
by MonkeyK Builder in Splunk Enterprise Security 10-10-2017
1 2
1
2
tracegordon
In an Enterprise Security Correlation Search I have a report that emails out when an email address is seen across mul...
by tracegordon Engager in Splunk Enterprise Security 10-10-2017
1 1
1
1
Get Updates on the Splunk Community!

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...