Splunk Enterprise Security

Community Activity
ADCW7TQ
index=* youtube user | table _time, user, host, src, dest, bytes_in, bytes_out, url This is my simple query. I would...
by ADCW7TQ Explorer in Splunk Enterprise Security 10-11-2016
0 5
vdurepaire
Hi Guys, I am currently facing an issue with ES which seems to be originating from renaming custom sourcetype names...
by vdurepaire New Member in Splunk Enterprise Security 10-10-2016
0 2
maciep
Anything in particular we should watch out for while upgrading the Splunk App for Enterprise Security in a search hea...
by maciep Champion in Splunk Enterprise Security 10-07-2016
0 9
jwelch_splunk
Unable to initialize modular input "app_imports_update" defined inside the app "SA-Utils": Introspecting scheme=app_i...
by jwelch_splunk Splunk Employee in Splunk Enterprise Security 10-07-2016
2 2
hcannon
Enterprise Security automatically loads the Incident Review search to look for Status "All", Owner "All", Security Do...
by hcannon Path Finder in Splunk Enterprise Security 10-07-2016
0 1
khagan
Hi, I'm trying to add a new asset list to Splunk Enterprise Security. I can see the lookup in Configuration->Data E...
by khagan Path Finder in Splunk Enterprise Security 10-06-2016
1 4
sreejith2k2
Currently one of the threat intelligence providers gives us an API link to download the threat feeds. But they are pl...
by sreejith2k2 Explorer in Splunk Enterprise Security 10-05-2016
0 1
kiran331
Hi We are collecting all logs from Windows (wineventlogs, windows, perfmon) from all the Domain Controllers. It's a ...
by kiran331 Builder in Splunk Enterprise Security 10-05-2016
0 1
stefan1988
Hello, I'm having two identity lookups with two different categories. One lookup with the category 'gds_account' and...
by stefan1988 Path Finder in Splunk Enterprise Security 10-05-2016
0 2
ahmedhassanean
Dears, I would like to know how can I choose which index I forward data to it from my devices for example if I wou...
by ahmedhassanean Explorer in Splunk Enterprise Security 10-05-2016
0 7
scottrunyon
After upgrade from 6.4.3 to 6.5.0, I am getting messages on my search head with Enterprise Security indicating duplic...
by scottrunyon Contributor in Splunk Enterprise Security 10-05-2016
1 4
mikaelbje
Hi, are there any plans to add a Physical Access Control Data Model to the CIM? I'm considering putting physical acc...
by mikaelbje Motivator in Splunk Enterprise Security 10-05-2016
0 4
vikas_gopal
Hi Experts, My account manager has provided me Splunk Enterprise Sales Trial for Enterprise security app. Now I just...
by vikas_gopal Builder in Splunk Enterprise Security 10-04-2016
0 5
vikas_gopal
Hi Experts, I have Splunk ES app, do we have any sample data which I can feed and present it using ES app. Please su...
by vikas_gopal Builder in Splunk Enterprise Security 10-04-2016
0 5
brian1_tate
Hello all, It appears that Rapid7 has goofed the TA to provide their asset data as the destination (dest field) inst...
by brian1_tate Path Finder in Splunk Enterprise Security 10-04-2016
1 2
rickettw
I am starting to use Enterprise Security to monitor IT security metrics in my enterprise. I am aware of Shodan and ha...
by rickettw New Member in Splunk Enterprise Security 10-03-2016
0 2
koshyk
As per the URL http://docs.splunk.com/Documentation/ES/4.2.0/User/Configureblocklists We are looking for : Add a URL...
by koshyk Super Champion in Splunk Enterprise Security 10-01-2016
0 4
ChrisChalmers01
Currently looking to upgrade from Splunk 6.3.1 to Splunk 6.4. We run a multi-sited Clustered environment with Enterpr...
by ChrisChalmers01 Explorer in Splunk Enterprise Security 09-28-2016
0 4
panovattack
How do you add a custom field to the Incident Review dashboard in ES 3.0? I found a solution for 2.4, but does not s...
by panovattack Communicator in Splunk Enterprise Security 09-26-2016
1 2
kiran331
Hello, I'm trying to change the Correlation search 'Excessive Failed Logins' in ES by user, is there a option to exc...
by kiran331 Builder in Splunk Enterprise Security 09-26-2016
0 2
ttchorz
Has anybody incorporated Ransomwaretracker (https://ransomwaretracker.abuse.ch/feeds/csv/) as a Threat Intelligence F...
by ttchorz Path Finder in Splunk Enterprise Security 09-19-2016
0 7
japala
Hello All, I am working with the Splunk Enterprise Security App and in the Incident Review, under Urgency, we have 5...
by japala Path Finder in Splunk Enterprise Security 09-19-2016
1 4
kiran331
Hi What should be defined in Assets & identities data model for the expired accounts, right now in the data model i...
by kiran331 Builder in Splunk Enterprise Security 09-18-2016
0 8
rajksplunk
Network - Unusual Volume of Network Activity - Rule" "Network - Substantial Increase in an Event - Rule"
by rajksplunk New Member in Splunk Enterprise Security 09-15-2016
0 1
anandhim
I was wondering if running Splunk Enterprise Security over Hunk in a Hunk only or Hybrid architecture is supported/re...
by anandhim Path Finder in Splunk Enterprise Security 09-12-2016
0 5