Splunk Enterprise Security

Discussions

Thread Info

Splunk Enterprise Security: How to remove threat intelligence feeds from Threat Intelligence Downloads section?

Is there a way to remove threat intelligence feeds from the 'Threat Intelligence Downloads' section? I know I can dis...

by Engager in

Splunk Enterprise Security: Does Adaptive Response support the use of dynamic input controls?

Does AR support the use of dynamic input controls? Currently Splunk 6.5 supports search-powered controls on mod alert...

by Splunk Employee in

Does the hardware requirement differ if Splunk Enterprise Security is installed on a non-productive environment with limited users?

Hi guys (and girls), we're planning to set up a Splunk Enterprise Security (ES) installation. This will not be a p...

by Motivator in

Deactivated Threat-Intel Download failed

Hi all, so I am always getting these error messages indicating that the threat-intel download failed for all sour...

by Path Finder in

Splunk Enterprise Security 4.0.2: After upgrading to Splunk 6.5.0, why is the Incident Review page broken?

I have recently upgraded my Enterprise Security search head to Splunk 6.5.0 but it seems to have broken the Incident ...

by Path Finder in

Splunk Enterprise Security: How to set up alerts when a notable event with urgency High & Critical arises in the Incident review?

Hi How to set up alerts when a notable event with urgency High & Critical arises in the Incident review with event...

by Builder in

How to create tickets to an external ticketing system for incidents from Incident Review of Splunk Enterprise Security

Team, I know how to create tickets to an external ticketing system for single rules, but in Enterprise Security, i...

by New Member in

Splunk Enterprise Security: How to alert on a list of hosts that were not scanned by Symantec for the last 7 days?

Hi, Need help in creating an alert!! Last week, we had integrated the Symantec to Splunk Enterprise Security. S...

by Path Finder in

How to remove custom correlation searches in Splunk Enterprise Security?

I've been trying to remove some custom correlation searches, but they are still generating notables. So far I've trie...

by Path Finder in

Splunk Enterprise Security: What conditions need to be met to generate an Original Event Window in Incident Review?

Hi, Splunk Enterprise 6.4.1 Splunk Enterprise Security 4.1.1 In incident review, some of my notable ev...

by Communicator in

Splunk Search head performance issue - Enterprise Security

Hi All, Currently we are facing performance issue while accessing the Splunk search head portal via web and ours is a...

by Motivator in

Drill down search is not working in Splunk Enterprise Security Incident Review tab

I've made a correlation search that appears to be working fine. But in order to create the contributing event in the ...

by Path Finder in

Whats the best way to get bro logs from an IDS to Splunk Enterprise Security thats running on a seperate server?

Right now we have another instance of splunk and bro addon running on the IDS, the bro index is then forwarded to the...

by Explorer in

Splunk Enterprise Security: How to construct an inputlookup search that will display ES identity information from their usernames?

I have a lookup with 461 usernames. I want to input the lookup to Splunk and display corresponding First and Last nam...

by Path Finder in

What is a managed app in Splunk Enterprise Security?

I'm attempting to create a new correlation search in Splunk Enterprise Security (4.1). I've created a blank app to ho...

by Super Champion in

Splunk Enterprise Security: How to modify extreme search context count_30m to 1 week?

Hi, How to change the Splunk ES context count_30m to 1 week and only limited to Deny traffic? I need to create cor...

by Explorer in

Splunk Enterprise Security: Is Splunk is able to detect low and slow password attack using correlation search?

Hi Is Splunk is able to detect low and slow password attack using correlation search? E.g. hacker attempt to guess...

by Explorer in

After upgrading to Splunk Enterprise Security 4.5, the Incident Review tab can only be viewed properly with IE & Firefox. It's a blank dashboard in Chrome.

After the ES 4.5 Upgrade the Incident Review tab can only be viewed properly with IE & Firefox, its a blank dashboard...

by Engager in

How to search when firewall disabled on servers

Dear Team, How to search when firewall disabled on servers. the below search able to see firewall status and serve...

by New Member in

How can I write my own adaptive response action?

I want to build an adaptive response action to push malware signatures from Enterprise Security into my own applicati...

by Splunk Employee in

Ignore automatic lookup just for a search

Hi! do you think if there's a way to say Splunk to ignore automatic lookups just for a search? I'm configuring som...

by Builder in

Splunk Enterprise Security: Why are all my notable events showing "0"?

Hello, Under security posture, all my notable events are showing 0 and I am not sure if it is working but we just ...

by Explorer in

How to "clean up" Splunk Enterprise Security Threat Intelligence lists to remove obsolete entries?

Hi Splunkers, We have a running Enterprise Security environment with several Threat Intelligence downloads enabled...

by Motivator in

Is it possible to generate a "ticket number" style reference for a notable event?

I'd like each notable event that is raised in ES to have a unique "ticket number" style reference, automatically incr...

by New Member in

Splunk ES Incident Review Dashboard Default Search Time Settings

I am a Splunk ES (enterprise security) user, looking to change the default search time setting for all users on the I...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk Enterprise Security: How to remove threat intelligence feeds from Threat Intelligence Downloads section?

Splunk Enterprise Security: Does Adaptive Response support the use of dynamic input controls?

Does the hardware requirement differ if Splunk Enterprise Security is installed on a non-productive environment with limited users?

Deactivated Threat-Intel Download failed

Splunk Enterprise Security 4.0.2: After upgrading to Splunk 6.5.0, why is the Incident Review page broken?

Splunk Enterprise Security: How to set up alerts when a notable event with urgency High & Critical arises in the Incident review?

How to create tickets to an external ticketing system for incidents from Incident Review of Splunk Enterprise Security

Splunk Enterprise Security: How to alert on a list of hosts that were not scanned by Symantec for the last 7 days?

How to remove custom correlation searches in Splunk Enterprise Security?

Splunk Enterprise Security: What conditions need to be met to generate an Original Event Window in Incident Review?

Splunk Search head performance issue - Enterprise Security

Drill down search is not working in Splunk Enterprise Security Incident Review tab

Whats the best way to get bro logs from an IDS to Splunk Enterprise Security thats running on a seperate server?

Splunk Enterprise Security: How to construct an inputlookup search that will display ES identity information from their usernames?

What is a managed app in Splunk Enterprise Security?

Splunk Enterprise Security: How to modify extreme search context count_30m to 1 week?

Splunk Enterprise Security: Is Splunk is able to detect low and slow password attack using correlation search?

After upgrading to Splunk Enterprise Security 4.5, the Incident Review tab can only be viewed properly with IE & Firefox. It's a blank dashboard in Chrome.

How to search when firewall disabled on servers

How can I write my own adaptive response action?

Ignore automatic lookup just for a search

Splunk Enterprise Security: Why are all my notable events showing "0"?

How to "clean up" Splunk Enterprise Security Threat Intelligence lists to remove obsolete entries?

Is it possible to generate a "ticket number" style reference for a notable event?

Splunk ES Incident Review Dashboard Default Search Time Settings

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Splunk Macro cim_Alerts_indexes Error

Editing the alert that is sent to PagerDuty

Is it possible to make it mandatory to assign Owne...

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...