Splunk Enterprise Security

Community Activity

Anyone have any ideas with Enterprise Security and Rapid7 to get the dest_ip, host name to be displayed/used instead of the asset number (which is wrong)? Hello all, It appears that Rapid7 has goofed the TA to provide their asset data as the destination (dest field) inst... by brian1_tate Path Finder in Splunk Enterprise Security 10-04-2016 1 2	1	2
How can I use Shodan data with Splunk Enterprise Security? I am starting to use Enterprise Security to monitor IT security metrics in my enterprise. I am aware of Shodan and ha... by rickettw New Member in Splunk Enterprise Security 10-03-2016 0 2	0	2
URL-based threat source : where is CSV/lookup file stored? As per the URL http://docs.splunk.com/Documentation/ES/4.2.0/User/Configureblocklists We are looking for : Add a URL... by koshyk Super Champion in Splunk Enterprise Security 10-01-2016 0 4	0	4
Enterprise Security, Staging Servers and Splunk v6.4 Currently looking to upgrade from Splunk 6.3.1 to Splunk 6.4. We run a multi-sited Clustered environment with Enterpr... by ChrisChalmers01 Explorer in Splunk Enterprise Security 09-28-2016 0 4	0	4
Enterprise Security 3.0 - Customize Incident Review Fields How do you add a custom field to the Incident Review dashboard in ES 3.0? I found a solution for 2.4, but does not s... by panovattack Communicator in Splunk Enterprise Security 09-26-2016 1 2	1	2
Help with Query! Hello, I'm trying to change the Correlation search 'Excessive Failed Logins' in ES by user, is there a option to exc... by kiran331 Builder in Splunk Enterprise Security 09-26-2016 0 2	0	2
Has anybody incorporated Ransomwaretracker as a Threat Intelligence Feed in Splunk Enterprise Security? Has anybody incorporated Ransomwaretracker (https://ransomwaretracker.abuse.ch/feeds/csv/) as a Threat Intelligence F... by ttchorz Path Finder in Splunk Enterprise Security 09-19-2016 0 7	0	7
Splunk Enterprise Security: Why is the Incident Review dashboard not generating results when I click on a label in the Urgency field? Hello All, I am working with the Splunk Enterprise Security App and in the Incident Review, under Urgency, we have 5... by japala Path Finder in Splunk Enterprise Security 09-19-2016 1 4	1	4
Splunk Expired account activity Hi What should be defined in Assets & identities data model for the expired accounts, right now in the data model i... by kiran331 Builder in Splunk Enterprise Security 09-18-2016 0 8	0	8
After upgrading Splunk Enterprise Security from 3.1 to 4.1.1, why did I get so many "correlation to fail" errors? Network - Unusual Volume of Network Activity - Rule" "Network - Substantial Increase in an Event - Rule" by rajksplunk New Member in Splunk Enterprise Security 09-15-2016 0 1	0	1
Has anyone used Splunk Enterprise Security over Hunk? I was wondering if running Splunk Enterprise Security over Hunk in a Hunk only or Hybrid architecture is supported/re... by anandhim Path Finder in Splunk Enterprise Security 09-12-2016 0 5	0	5
Searching DNS queries into reports from Splunk Stream So I know there is a newer app called Stream. It has a massive amount of DNS queries from 100 hosts at least in Strea... by brian1_tate Path Finder in Splunk Enterprise Security 09-07-2016 0 5	0	5
How would I write a query that defines failure or success against firewall by geoIP? I realize this is a silly question but it just so happens we have so many firewalls in exist stance that traffic that... by brian1_tate Path Finder in Splunk Enterprise Security 09-07-2016 0 2	0	2
Splunk Enterprise Security 4.1.1 and storage requirements: Where are ES files stored? I am installing Splunk Enterprise Security 4.1.1 and know that this application can gobble up file system space. I ha... by brent_weaver Builder in Splunk Enterprise Security 09-06-2016 1 1	1	1
Is there a means to create a dashboard that is in either the ES app or ties into panels extracted from it? My organization (After much thought of spamming people with constantly alerts of various failures and I mean up to 50... by brian1_tate Path Finder in Splunk Enterprise Security 09-06-2016 0 1	0	1
I need to find a way to search for users that are logged into more than one hosts to entirely different hosts This search doesn't really give me what an need nor does the ES-TA. I need to figure out how I can determine if a sin... by brian1_tate Path Finder in Splunk Enterprise Security 09-05-2016 0 6	0	6
Is there any documentation on Splunk Enterprise Security that we can use? This is nuts, I downloaded the ES 4.1.1 Overview and it's two pages basically telling me how to login. No kidding. HP... by brian1_tate Path Finder in Splunk Enterprise Security 09-02-2016 0 2	0	2
What type of system health alerts or dashboard panels would be useful to users of Enterprise Security? I have a general question for those that are admins or users of Enterprise Security. I am tasked with considering wha... by brian1_tate Path Finder in Splunk Enterprise Security 09-02-2016 0 1	0	1
Removing Enterprise Security Dear All, With the deletion of App for Vmware from CLI, somehow I managed to ruin our Enterprise Security. The app (... by calebra05 New Member in Splunk Enterprise Security 09-01-2016 0 2	0	2
Splunk App for Enterprise Security: How to add the urgency of notable events in the email subject line? Dear All, We have to include the urgency of the event in the Splunk App for Enterprise Security notable events. Coul... by ssuresh Explorer in Splunk Enterprise Security 08-31-2016 0 1	0	1
How to modify the behavior of a Workflow Action to show a modal box when clicked? Hi everyone, I am trying to modify the behavior of my custom workflow action. I would like it to show a modal box fo... by JohannLiebert92 Path Finder in Splunk Enterprise Security 08-28-2016 0 2	0	2
Need help with modifying a correlation search Hi everyone I'm new to Splunk and I would appreciate some help finding a solution to my problem. Here is some backgr... by infosecdb Engager in Splunk Enterprise Security 08-25-2016 0 2	0	2
How to limit the amount of data that a splunk universal forwarder sends to the Splunk server for processing? Hi all I am using Splunk Enterprise for security... But I have a lot of extraneous data in Splunk at the moment. L... by vvmmvvmm Explorer in Splunk Enterprise Security 08-25-2016 0 4	0	4
How to create dashboard similiar to Enterprise Security's Security Posture? In Enterprise Security, there is a Security Posture dashboard. This dashboard shows the count of notable events that ... by cmeyers Explorer in Splunk Enterprise Security 08-24-2016 0 2	0	2
Is there documentation comparing the features of Splunk User Behavior Analytics (Splunk UBA) and Splunk Enterprise Security? Is there a document that simply and concisely compares the features of Splunk User Behavior Analytics (Splunk UBA) an... by tomasmoser Contributor in Splunk Enterprise Security 08-24-2016 1 2	1	2

Get Updates on the Splunk Community!

How to find the worst searches in your Splunk environment and how to fix them

Everyone knows Splunk is a powerful platform for running searches and doing data analytics. Your ...

Share Your Feedback: On Admin Config Service (ACS)!

Help Us Build a Better Admin Config Service Experience (ACS) We Want Your Feedback on Admin Config Service ...

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

AI is changing how teams investigate incidents, detect threats, automate workflows, and build intelligent ...

Splunk Enterprise Security

Anyone have any ideas with Enterprise Security and Rapid7 to get the dest_ip, host name to be displayed/used instead of the asset number (which is wrong)?

How can I use Shodan data with Splunk Enterprise Security?

URL-based threat source : where is CSV/lookup file stored?

Enterprise Security, Staging Servers and Splunk v6.4

Enterprise Security 3.0 - Customize Incident Review Fields

Help with Query!

Has anybody incorporated Ransomwaretracker as a Threat Intelligence Feed in Splunk Enterprise Security?

Splunk Enterprise Security: Why is the Incident Review dashboard not generating results when I click on a label in the Urgency field?

Splunk Expired account activity

After upgrading Splunk Enterprise Security from 3.1 to 4.1.1, why did I get so many "correlation to fail" errors?

Has anyone used Splunk Enterprise Security over Hunk?

Searching DNS queries into reports from Splunk Stream

How would I write a query that defines failure or success against firewall by geoIP?

Splunk Enterprise Security 4.1.1 and storage requirements: Where are ES files stored?

Is there a means to create a dashboard that is in either the ES app or ties into panels extracted from it?

I need to find a way to search for users that are logged into more than one hosts to entirely different hosts

Is there any documentation on Splunk Enterprise Security that we can use?

What type of system health alerts or dashboard panels would be useful to users of Enterprise Security?

Removing Enterprise Security

Splunk App for Enterprise Security: How to add the urgency of notable events in the email subject line?

How to modify the behavior of a Workflow Action to show a modal box when clicked?

Need help with modifying a correlation search

How to limit the amount of data that a splunk universal forwarder sends to the Splunk server for processing?

How to create dashboard similiar to Enterprise Security's Security Posture?

Is there documentation comparing the features of Splunk User Behavior Analytics (Splunk UBA) and Splunk Enterprise Security?

How to find the worst searches in your Splunk environment and how to fix them

Share Your Feedback: On Admin Config Service (ACS)!

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

Splunk Add-on for ServiceNow Endpoint Configuratio...

Senhasegura integration

Splunk enterprise security export content in SHC t...

add enrichment in splunk ES8

mc_investigations data is not populated - ES 8.3

Splunk Enterprise Security

Join the Conversation