Splunk Enterprise Security

Community Activity
danielbb
We wonder what the identity, Asset, File and URL Extraction fields are in the Notable set-up of the correlation searc...
by danielbb Motivator in Splunk Enterprise Security 02-07-2024
0 3
Raj
Hi all, In my AD computer account deletion correlation search, I use _time and subjectusername in throttling fields fo...
by Raj Builder in Splunk Enterprise Security 02-05-2024
0 3
Raj
Hi, I would like to know about the triggered notable events from CS without accessing the incident review dashboard, a...
by Raj Builder in Splunk Enterprise Security 02-03-2024
0 1
Haleb
I need to calculate the average number of events in the last hour and compare it with the number of events in the las...
by Haleb Path Finder in Splunk Enterprise Security 02-02-2024
0 1
dood9999
Having issues with fetching investigations in incident review. Investigation is added for the alert but when accessing...
by dood9999 Explorer in Splunk Enterprise Security 02-01-2024
1 0
smithahc1966
I am looking for a query to list out CrowdStrike Agent versions installed. What is the latest version, are the client...
by smithahc1966 New Member in Splunk Enterprise Security 01-30-2024
0 1
gbam
I'm looking to close out (or delete) all notable events that were created prior to a specific date time.  The way the...
by gbam Explorer in Splunk Enterprise Security 01-28-2024
0 1
SamHTexas
What health check items would you configure for Ent. Security app. for general purpose or for Security watch purposes...
by SamHTexas Builder in Splunk Enterprise Security 01-27-2024
0 2
RINECA
"The server hosting Splunk Enterprise does not have unrestricted Internet access for security reasons. It is ne...
by RINECA Observer in Splunk Enterprise Security 01-25-2024
0 0
leonphelps_s
How can I change the sort order of the incident review page within Splunk Enterprise Security? The default appears to...
by leonphelps_s Path Finder in Splunk Enterprise Security 01-23-2024
0 7
sharlak
I am developing a small app to add a quick assign button to events in the Incident Review board. Currently, if you t...
by sharlak Engager in Splunk Enterprise Security 01-23-2024
2 1
Haleb
Please advise on the optimal solution for this business task. I have a set of events with the following fields:  city...
by Haleb Path Finder in Splunk Enterprise Security 01-22-2024
0 1
cYcJo7
Hello, is it possible to analyse the utilisation of enterprise security, I assume it is currently not used in our com...
by cYcJo7 Engager in Splunk Enterprise Security 01-19-2024
0 4
hieuba
Hello everyone. In the Investigation view, in the Workbench section, I want to add a different artifact type than the o...
by hieuba Loves-to-Learn Lots in Splunk Enterprise Security 01-17-2024
0 0
faisalzabd
I'm trying to look for reference or documentation that shows me which fields in sysmon logs should be mapped to which ...
by faisalzabd Engager in Splunk Enterprise Security 01-17-2024
0 1
jrodriguezap
Hello everyone. In the Investigation view, in the Workbench section, I want to add a different artifact type than the o...
by jrodriguezap Contributor in Splunk Enterprise Security 01-17-2024
1 3
noobSpl888
Hi, Will disabling the app (ES Content Updates) affect the functionality of Enterprise Security? Thanks, Regards
by noobSpl888 Engager in Splunk Enterprise Security 01-15-2024
0 1
rajafarhat16
I got the following error message while adding Capabilities in Splunk "Encountered the following error while trying to u...
by rajafarhat16 New Member in Splunk Enterprise Security 01-13-2024
0 2
mohad
I am subscribed to a 3rd party threat intelligence called Group-IB. I have the Group-IB app for Splunk installed on m...
by mohad Loves-to-Learn in Splunk Enterprise Security 01-11-2024
0 2
somari
Hi Splunkers, we have ingested Threat Intelligence Feeds from Group-IB  into Splunk, we want to benefit from this dat...
by somari Explorer in Splunk Enterprise Security 01-10-2024
0 1
Raj
Hello, I'd like to know how to locate the correlation searches that XSOAR is monitoring, rather than the incident revi...
by Raj Builder in Splunk Enterprise Security 01-09-2024
0 0
NDabhi21
Dear All, To create the below table for the Notable dashboard in ES, can you please advise. Thanks User1 User1 User2...
by NDabhi21 Explorer in Splunk Enterprise Security 01-07-2024
0 0
Eyal
Hi, Splunk usually takes the log time event (_time) and parses it to: date_hour, date_mday, date_minute, date_month, da...
by Eyal Path Finder in Splunk Enterprise Security 01-05-2024
0 5
domino30
We have a sandbox environment with vpsphere and it works mostly just fine. We believe the time sync is correct because ...
by domino30 Path Finder in Splunk Enterprise Security 01-05-2024
0 2
Poojitha
Hi All, I am using send email command to send csv file to different recipients based on the search. | eval subject="T...
by Poojitha Communicator in Splunk Enterprise Security 01-02-2024
0 1