Splunk Enterprise Security

Discussions

Thread Info

Anyone have a search for meant time to triage for specific urgency (high or critical)?

Anyone have a search for Meant Time to Triage for specific urgency (high or critical)? I'm having no luck trying to m...

by Splunk Employee in

How do I find a list of correlation searches in ES or Splunk Ent. that are not working like missing macros etc...?

Please help me with an SPL to locate Corr. searches that are in trouble , not working right. For example missing a ma...

by Builder in

Splunk ES Threat matching src -How to solve this Multisearch Issue?

Hi,I am facing an strange issue on a SIEM Installation (Splunk 9.0.2 / ES 7.0.1) in regards to multisearch which is u...

by Loves-to-Learn in

How do I edit the time frame/window for a key indicator?

How do I edit the time frame/window for a default key indicator (e.g. VULNS PER SYSTEM found in the Vulnerability Cen...

by Splunk Employee in

What is this error: Unknown search command 'essinstall'.?

Splunk 9.0.0 on Windows servers So I clicked on Apps \ Enterprise Security and I was greeted with that error A...

by Contributor in

Is it possible that logs get duplicated between Splunk Enterprise and Splunk Enterprise Security?

Hi! I want to know if is possible to get duplicated ingestion of logs between Splunk Enterprise and Splunk enterpr...

by Explorer in

How to customize Threat Activity dashboard by adding new fields?

Hello! I am experiencing troubles with analyzing Threat Intelligence data in Enterprise Security. When I go to Sec...

by Path Finder in

How to create Splunk alert to detect unauthorized certificate usage?

Hi, I am trying to extract a new field to spot unauthrorised certificate usage on a server. Under event ID 4768, ...

by New Member in

Why is Threat Intelligence not correctly parsing and automatically setting to STIX parsing?

Hi all, Within Splunk ES I've configured a test threat intelligence feed with the following settings: New > Lin...

by Explorer in

How can I change Threat intelligence setting the default time that the removal process runs for threat sources?

In the documentation at https://docs.splunk.com/Documentation/ES/7.0.2/Admin/Changethreatintel under Review the l...

by Explorer in

Web application firewall use case: How to find top targeted domain on my domain?

Hi Team,I am working on web application firewall related use case, I wanna find out top targeted domain on my domain....

by Engager in

How to add new field to existing CIM data model?

Hello. Using the eval function, trying to add a new field to the Change data model. When I try to add the new fie...

by Loves-to-Learn in

Where can I view created notable alert suppression entries in ES?

Hello, Where can I view notable alert suppression entries in ES? I'm looking for a way to not only audit these ...

by Explorer in

How to reduce notable events that correlation search has generating?

Hi, I have created an advance threat protection incidents Correlation Search which is generating notable events...

by Path Finder in

Is there customization required for Salesforce integration with Splunk for below case?

Hello experts, I am trying to integration salesforce cloud modules into splunk for security monitoring. Does anyne ha...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Anyone have a search for meant time to triage for specific urgency (high or critical)?

How do I find a list of correlation searches in ES or Splunk Ent. that are not working like missing macros etc...?

Splunk ES Threat matching src -How to solve this Multisearch Issue?

How do I edit the time frame/window for a key indicator?

What is this error: Unknown search command 'essinstall'.?

Is it possible that logs get duplicated between Splunk Enterprise and Splunk Enterprise Security?

How to customize Threat Activity dashboard by adding new fields?

How to create Splunk alert to detect unauthorized certificate usage?

Why is Threat Intelligence not correctly parsing and automatically setting to STIX parsing?

How can I change Threat intelligence setting the default time that the removal process runs for threat sources?

Web application firewall use case: How to find top targeted domain on my domain?

How to add new field to existing CIM data model?

Where can I view created notable alert suppression entries in ES?

How to reduce notable events that correlation search has generating?

Is there customization required for Salesforce integration with Splunk for below case?

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

How can I automatically and evenly assign notables...

Risk-Based Alerting FAQs

threat intelligence upload not working too

Splunk Enterprise Security - permissions issue

Splunk Enterprise Security Install Error In Deploy...