Splunk Enterprise Security

Discussions

Thread Info

Error after Enterprise Security Upgrade to 4.1.2

Unable to initialize modular input "app_imports_update" defined inside the app "SA-Utils": Introspecting scheme=app_i...

by Splunk Employee in

Splunk Enterprise Security: It is possible to customize the Incident Review default search?

Enterprise Security automatically loads the Incident Review search to look for Status "All", Owner "All", Security Do...

by Path Finder in

When merging asset lists in Splunk Enterprise Security, what does the error "'NoneType' object has no attribute 'iteritems'" mean?

Hi, I'm trying to add a new asset list to Splunk Enterprise Security. I can see the lookup in Configuration->Data ...

by Path Finder in

How to implement a two factor authentication (2FA) to collect external feeds from a threat intelligence provider to Splunk Enterprise Security?

Currently one of the threat intelligence providers gives us an API link to download the threat feeds. But they are pl...

by Explorer in

Splunk Enterprise Security: What is the best practice for collecting Windows logs?

Hi We are collecting all logs from Windows (wineventlogs, windows, perfmon) from all the Domain Controllers. It's ...

by Builder in

Why are categories not merging within Identity Investigator?

Hello, I'm having two identity lookups with two different categories. One lookup with the category 'gds_account' a...

by Path Finder in

Enterprise Security APP Indexers mapping

Dears, i would like to know how can i choose which index i forward data to it from my devices for example if i...

by Explorer in

What is the difference between splunk_managment_console and splunk_monitoring_console?

After upgrade from 6.4.3 to 6.5.0, I am getting messages on my search head with Enterprise Security indicating duplic...

by Contributor in

CIM and Physical Access Control Data Model - ES

Hi, are there any plans to add a Physical Access Control Data Model to the CIM? I'm considering putting physical a...

by Motivator in

How to download Splunk Enterprise Security app?

Hi Experts, My account manager has provided me Splunk Enterprise Sales Trial for Enterprise security app. Now I ju...

by Builder in

Do we have sample data for Splunk Enterprise security app ?

Hi Experts, I have Splunk ES app, do we have any sample data which I can feed and present it using ES app. Please ...

by Builder in

Anyone have any ideas with Enterprise Security and Rapid7 to get the dest_ip, host name to be displayed/used instead of the asset number (which is wrong)?

Hello all, It appears that Rapid7 has goofed the TA to provide their asset data as the destination (dest field) in...

by Path Finder in

How can I use Shodan data with Splunk Enterprise Security?

I am starting to use Enterprise Security to monitor IT security metrics in my enterprise. I am aware of Shodan and ha...

by New Member in

URL-based threat source : where is CSV/lookup file stored?

As per the URL http://docs.splunk.com/Documentation/ES/4.2.0/User/Configureblocklists We are looking for : Add a U...

by Super Champion in

Enterprise Security, Staging Servers and Splunk v6.4

Currently looking to upgrade from Splunk 6.3.1 to Splunk 6.4. We run a multi-sited Clustered environment with Enterpr...

by Explorer in

Enterprise Security 3.0 - Customize Incident Review Fields

How do you add a custom field to the Incident Review dashboard in ES 3.0? I found a solution for 2.4, but does not se...

by Communicator in

Help with Query!

Hello, I'm trying to change the Correlation search 'Excessive Failed Logins' in ES by user, is there a option to e...

by Builder in

Has anybody incorporated Ransomwaretracker as a Threat Intelligence Feed in Splunk Enterprise Security?

Has anybody incorporated Ransomwaretracker (https://ransomwaretracker.abuse.ch/feeds/csv/) as a Threat Intelligence F...

by Path Finder in

Splunk Enterprise Security: Why is the Incident Review dashboard not generating results when I click on a label in the Urgency field?

Hello All, I am working with the Splunk Enterprise Security App and in the Incident Review, under Urgency, we have 5...

by Path Finder in

Splunk Expired account activity

Hi What should be defined in Assets & identities data model for the expired accounts, right now in the data model...

by Builder in

After upgrading Splunk Enterprise Security from 3.1 to 4.1.1, why did I get so many "correlation to fail" errors?

Network - Unusual Volume of Network Activity - Rule" "Network - Substantial Increase in an Event - Rule"

by New Member in

Has anyone used Splunk Enterprise Security over Hunk?

I was wondering if running Splunk Enterprise Security over Hunk in a Hunk only or Hybrid architecture is supported/re...

by Path Finder in

Searching DNS queries into reports from Splunk Stream

So I know there is a newer app called Stream. It has a massive amount of DNS queries from 100 hosts at least in Strea...

by Path Finder in

How would I write a query that defines failure or success against firewall by geoIP?

I realize this is a silly question but it just so happens we have so many firewalls in exist stance that traffic that...

by Path Finder in

Splunk Enterprise Security 4.1.1 and storage requirements: Where are ES files stored?

I am installing Splunk Enterprise Security 4.1.1 and know that this application can gobble up file system space. I ha...

by Builder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Error after Enterprise Security Upgrade to 4.1.2

Splunk Enterprise Security: It is possible to customize the Incident Review default search?

When merging asset lists in Splunk Enterprise Security, what does the error "'NoneType' object has no attribute 'iteritems'" mean?

How to implement a two factor authentication (2FA) to collect external feeds from a threat intelligence provider to Splunk Enterprise Security?

Splunk Enterprise Security: What is the best practice for collecting Windows logs?

Why are categories not merging within Identity Investigator?

Enterprise Security APP Indexers mapping

What is the difference between splunk_managment_console and splunk_monitoring_console?

CIM and Physical Access Control Data Model - ES

How to download Splunk Enterprise Security app?

Do we have sample data for Splunk Enterprise security app ?

Anyone have any ideas with Enterprise Security and Rapid7 to get the dest_ip, host name to be displayed/used instead of the asset number (which is wrong)?

How can I use Shodan data with Splunk Enterprise Security?

URL-based threat source : where is CSV/lookup file stored?

Enterprise Security, Staging Servers and Splunk v6.4

Enterprise Security 3.0 - Customize Incident Review Fields

Help with Query!

Has anybody incorporated Ransomwaretracker as a Threat Intelligence Feed in Splunk Enterprise Security?

Splunk Enterprise Security: Why is the Incident Review dashboard not generating results when I click on a label in the Urgency field?

Splunk Expired account activity

After upgrading Splunk Enterprise Security from 3.1 to 4.1.1, why did I get so many "correlation to fail" errors?

Has anyone used Splunk Enterprise Security over Hunk?

Searching DNS queries into reports from Splunk Stream

How would I write a query that defines failure or success against firewall by geoIP?

Splunk Enterprise Security 4.1.1 and storage requirements: Where are ES files stored?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code