Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
tomapatan
Hi Everyone,We`ve created a new TA to get data in from an API - this was done on the HF and the data is being sent to...
by tomapatan Contributor in Splunk Enterprise Security 02-09-2024
0 1
0
1
jamesbanday
Why I can't  I see data on Splunk ES Non-corporate Web Uploads? When I click on the user, I get mariangelie.rodriguez...
by jamesbanday New Member in Splunk Enterprise Security 02-08-2024
0 1
0
1
syazwani
Hi peeps, We were fine tuning the Notable Event, and there were fields that were not showing any values. Those fields...
by syazwani Path Finder in Splunk Enterprise Security 02-08-2024
0 3
0
3
navarec
Hi All,The data checkpoint file for windows logs is taking up a lot of disk space (over 100 GB).Where can I check the...
by navarec Explorer in Splunk Enterprise Security 02-07-2024
1 0
1
0
danielbb
We wonder what the identity, Asset, File and URL Extraction fields are in the Notable set-up of the correlation searc...
by danielbb Motivator in Splunk Enterprise Security 02-07-2024
0 3
0
3
Raj
Hi all,In my AD computer account deletion correlation search, I use _time and subjectusername in throttling fields fo...
by Raj Builder in Splunk Enterprise Security 02-05-2024
0 3
0
3
Raj
Hi,I would like to know about the triggered notable events from CS without accessing the incident review dashboard, a...
by Raj Builder in Splunk Enterprise Security 02-03-2024
0 1
0
1
Haleb
I need to calculate the average number of events in the last hour and compare it with the number of events in the las...
by Haleb Path Finder in Splunk Enterprise Security 02-02-2024
0 1
0
1
dood9999
Having issues with fetching investigations in incident review.Investigation is added for the alert but when accessing...
by dood9999 Explorer in Splunk Enterprise Security 02-01-2024
1 0
1
0
smithahc1966
I am looking for a query to list out CrowdStrike Agent versions installed. What is the latest version, are the client...
by smithahc1966 New Member in Splunk Enterprise Security 01-30-2024
0 1
0
1
gbam
I'm looking to close out (or delete) all notable events that were created prior to a specific date time.  The way the...
by gbam Explorer in Splunk Enterprise Security 01-28-2024
0 1
0
1
SamHTexas
What health check items would you configure for Ent. Security app. for general purpose of for Security watch purposes...
by SamHTexas Builder in Splunk Enterprise Security 01-27-2024
0 2
0
2
RINECA
"El servidor que aloja Splunk Enterprise no tiene acceso a Internet sin restricciones por razones de seguridad. Es ne...
by RINECA Observer in Splunk Enterprise Security 01-25-2024
0 0
0
0
leonphelps_s
How can I change the sort order of the incident review page within Splunk Enterprise Security? The default appears to...
by leonphelps_s Path Finder in Splunk Enterprise Security 01-23-2024
0 7
0
7
sharlak
I am developing a small app to add a quick assign button to events in the Incident Review board. Currently, if you t...
by sharlak Engager in Splunk Enterprise Security 01-23-2024
2 1
2
1
Haleb
Please advise on the optimal solution for this business task. I have a set of events with the following fields:  city...
by Haleb Path Finder in Splunk Enterprise Security 01-22-2024
0 1
0
1
cYcJo7
Hello, is it possible to analyse the utilisation of enterprise security, I assume it is currently not used in our com...
by cYcJo7 Engager in Splunk Enterprise Security 01-19-2024
0 4
0
4
hieuba
Hello everyoneIn the Investigation view, in the Workbench section, I want to add a different artifact type than the o...
by hieuba Loves-to-Learn Lots in Splunk Enterprise Security 01-17-2024
0 0
0
0
faisalzabd
I'm trying to look for refernce or documintation that shows me which fields in sysmon logs should be mapped to which ...
by faisalzabd Engager in Splunk Enterprise Security 01-17-2024
0 1
0
1
jrodriguezap
Hello everyoneIn the Investigation view, in the Workbench section, I want to add a different artifact type than the o...
by jrodriguezap Contributor in Splunk Enterprise Security 01-17-2024
1 3
1
3
noobSpl888
Hi,Will disable the app (ES Content Updates)  affect the functionality of Enterprise Security?ThanksRegards 
by noobSpl888 Engager in Splunk Enterprise Security 01-15-2024
0 1
0
1
rajafarhat16
i got following Error Message While adding Capabilities in Splunk "Encountered the following error while trying to u...
by rajafarhat16 New Member in Splunk Enterprise Security 01-13-2024
0 2
0
2
mohad
I am subscribed to a 3rd party threat intelligence called Group-IB.  I have the Group-IBapp for splunk installed on m...
by mohad Loves-to-Learn in Splunk Enterprise Security 01-11-2024
0 2
0
2
somari
Hi Splunkers, we have ingested Threat Intelligence Feeds from Group-IB  into Splunk, we want to benefit from this dat...
by somari Explorer in Splunk Enterprise Security 01-10-2024
0 1
0
1
Raj
Hello,I'd like to know how to locate the correlation searches that XSOAR is monitoring, rather than the incident revi...
by Raj Builder in Splunk Enterprise Security 01-09-2024
0 0
0
0
Get Updates on the Splunk Community!

Introducing ITSI 5.0: Unified Visibility and Actionable Insights

Introducing ITSI 5.0: Unified Visibility and Actionable Insights Tuesday, July 21, 2026  |  10:00AM PT / ...

Inside Splunk Agent Observability: Understanding Agent Behavior, Tokens & Costs

Inside Splunk Agent Observability:Understanding Agent Behavior, Tokens & Costs Thursday, August 06, ...

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...