Splunk Enterprise Security

Discussions

Thread Info

How do I write the regex to find all SCCM logs that contain dest_name="CN ?

Hi Everyone, I am trying to concoct a regular expression in the Splunk App for Enterprise Security to find all SCC...

by Engager in

Splunk App for Enterprise Security: Is it possible to limit my search of the Intrusion Detection datamodel to only IPS events and exclude firewall events?

I want to create a single value chart to illustrate total intrusion detection events, however, I want to limit the re...

by Engager in

Splunk App for Enterprise Security: How to debug xswhere

The Splunk App for Enterprise Security ships with extreme search commands. I would like to see drastic changes in occ...

by Motivator in

Why does the Splunk App for Enterprise Security trigger audit warnings about system requirements in a virtualized environment?

In the Splunk App for Enterprise Security on Splunk Cloud, there is a frequent message that the systems don't meet th...

by Splunk Employee in

Splunk App for Enterprise Security: How to troubleshoot why some custom correlation searches (Notables) are not generating events?

Hi, I've hit a bit of a road block trying to set up some custom correlation searches, which are very similar to ot...

by Influencer in

Splunk App for Enterprise Security: Is it possible to restrict a tstats search to a specific index?

I would like to restrict the tstats search below to a specific index. The search uses the IDS_Attacks datamodel in ES...

by Engager in

How to load data into the Splunk App for Enterprise Security?

What is the procedure to load the data into the Splunk App for Enterprise Security?

by New Member in

How to delete users with realms via REST API in Enterprise Security Credential Management?

Hi Splunkers & Splunkettes, So when attempting to remove a configured user via a REST API call, I don't seem to be...

by Builder in

Will I be able to install and run the Splunk App for Enterprise Security on Linux with an LDAP service account?

We are installing Splunk on CentOS Linux in the next week or so. Our service accounts are going to be on an LDAP serv...

by Builder in

How to install the Splunk App for Enterprise Security on Linux with indexer clustering?

Hello! I am about to embark on an install of the Splunk App for Enterprise Security on a set of shiny new CentOS ...

by Builder in

Which configs go on the indexer and which go on the search head for the Splunk App for Enterprise Security in a distributed search environment?

For the Splunk App for Enterprise Security, Is there any documentation that will tell me which config files should go...

by Communicator in

Using Splunk for Snort, how do I get Snort Alert Fast logs into the Splunk App for Enterprise Security?

I'm a bit stuck with this. This is my situation: I've installed Snort between the LAN and its GW and all traffic h...

by Path Finder in

Why is the "Continue to app setup page" button in the Splunk App for Enterprise Security setup not working?

I am trying to install Enterprise Security Installer to install ES. When I click the "Continue to app setup page" but...

by Communicator in

msg="A script exited abnormally input="$SPLUNK_HOME/etc/apps/Splunk_CiscoIPS/bin/get_ips_feed.py " stanza="default" status="exited with code 1"

msg="A script exited abnormally input="$SPLUNK_HOME/etc/apps/Splunk_CiscoIPS/bin/get_ips_feed.py " stanza="d...

by Splunk Employee in

Splunk App for Enterprise Security: How to troubleshoot why Network Resolution (DNS) Data Model won't build?

I'm installing an Enterprise Security build and have run into an issue with getting DNS into the ES environment. F...

by Splunk Employee in

How are the asset and identity lists for The Splunk App for PCI Compliance different from the Splunk App for Enterprise Security?

Wanted to check how the asset and identity lists that PCI need are different from the ES app. Does PCI need them in a...

by Communicator in

Splunk Add-on for Symantec Endpoint Protection: Why is our version of the TA 3.2.1, but Splunkbase shows the latest version is 2.0.1?

We are currently running Splunk 6.2.3. When our system was installed/configured, the TA-sep version 3.2.1. I recently...

by Explorer in

Why do I see error "lookup_conversion: A lookup table could not be created..." in Splunk 6 with clustering enabled and ES on one search head?

lookup_conversion: A lookup table could not be created (key: tld, tempfile: /opt/splunk/var/run/splunk/lookup_tmp/loo...

by Splunk Employee in

Configuring the Splunk App for Enterprise Security on a new Search Head (attached to larger Indexer list), why can't I get the Threat Activity to load?

I'm working to migrate ES to a new search head that has network visibility to indexers in multiple Business Units and...

by Explorer in

Splunk App for Enterprise Security: How to parse key value pairs for Incapsula WAF and API output?

Hello, We are using an Incapsula WAF and using a curl script to pull out the timestamps and security events. How ...

by Splunk Employee in

Does SA-SPLICE or the Splunk App for Enterprise Security support certificate-based authentication to TAXII service such as FS-ISAC?

Hi. Does the Splice or Splunk Enterprise Security app support certificate-based authentication to the taxii service s...

by Path Finder in

Splunk Enterprise Security

Discussions

How do I write the regex to find all SCCM logs that contain dest_name="CN ?

Splunk App for Enterprise Security: Is it possible to limit my search of the Intrusion Detection datamodel to only IPS events and exclude firewall events?

Splunk App for Enterprise Security: How to debug xswhere

Why does the Splunk App for Enterprise Security trigger audit warnings about system requirements in a virtualized environment?

Splunk App for Enterprise Security: How to troubleshoot why some custom correlation searches (Notables) are not generating events?

Splunk App for Enterprise Security: Is it possible to restrict a tstats search to a specific index?

How to load data into the Splunk App for Enterprise Security?

How to delete users with realms via REST API in Enterprise Security Credential Management?

Will I be able to install and run the Splunk App for Enterprise Security on Linux with an LDAP service account?

How to install the Splunk App for Enterprise Security on Linux with indexer clustering?

Which configs go on the indexer and which go on the search head for the Splunk App for Enterprise Security in a distributed search environment?

Using Splunk for Snort, how do I get Snort Alert Fast logs into the Splunk App for Enterprise Security?

Why is the "Continue to app setup page" button in the Splunk App for Enterprise Security setup not working?

msg="A script exited abnormally input="$SPLUNK_HOME/etc/apps/Splunk_CiscoIPS/bin/get_ips_feed.py " stanza="default" status="exited with code 1"

Splunk App for Enterprise Security: How to troubleshoot why Network Resolution (DNS) Data Model won't build?

How are the asset and identity lists for The Splunk App for PCI Compliance different from the Splunk App for Enterprise Security?

Splunk Add-on for Symantec Endpoint Protection: Why is our version of the TA 3.2.1, but Splunkbase shows the latest version is 2.0.1?

Why do I see error "lookup_conversion: A lookup table could not be created..." in Splunk 6 with clustering enabled and ES on one search head?

Configuring the Splunk App for Enterprise Security on a new Search Head (attached to larger Indexer list), why can't I get the Threat Activity to load?

Splunk App for Enterprise Security: How to parse key value pairs for Incapsula WAF and API output?

Does SA-SPLICE or the Splunk App for Enterprise Security support certificate-based authentication to TAXII service such as FS-ISAC?

Installing Enterprise Security on a Search Head Cluster / Index Cluster

Enterprise Security 3.0 and Datamodels / Splunk_SA_CIM accelerations

Does the Trail version of Splunk supports the Splunk App for Enterprise Security? if not what is the price for the app ?

What version of the Splunk App for Enterprise Security is required for connecting to a Soltra TAXII feed?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code