Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
phoenixdigital
A quick question about how the asset and identity list is populated for Splunk ES. I can see it is happening from a ...
by phoenixdigital Builder in Splunk Enterprise Security 08-03-2016
1 5
1
5
khagan
I've configured my own asset list, and now I want to stop asset information from the "demo assets" lookup from showin...
by khagan Path Finder in Splunk Enterprise Security 07-29-2016
0 8
0
8
daniel_augustyn
I've been trying to set up the Splunk Enterprise Security app, but I came across an issue that I can't find reference...
by daniel_augustyn Contributor in Splunk Enterprise Security 07-28-2016
1 5
1
5
oagtexas
We are running Enterprise Security and I'm trying to schedule and automate the population of assets.csv that ES uses ...
by oagtexas Explorer in Splunk Enterprise Security 07-20-2016
0 2
0
2
kiran331
Hi Is there a way to show only critical, high, medium in incident review by default?
by kiran331 Builder in Splunk Enterprise Security 07-20-2016
0 5
0
5
Anewec
I needed to pull asset data from SharePoint to Splunk as a lookup table to feed into Splunk Enterprise Security. I lo...
by Anewec Explorer in Splunk Enterprise Security 07-20-2016
1 3
1
3
tnoelOTS
I am trying to get the FS-ISAC threat feed from my Soltra Edge box into my threatlists on Splunk Enterprise Security....
by tnoelOTS Explorer in Splunk Enterprise Security 07-19-2016
2 3
2
3
coolwater77
The ES App currently configured to run few correlation searches and when the notable events are created those events ...
by coolwater77 Explorer in Splunk Enterprise Security 07-14-2016
1 7
1
7
kiran331
Hi The notable event for a user lockout correlation search is showing urgency as "Unknown", I tried changing it to ...
by kiran331 Builder in Splunk Enterprise Security 07-14-2016
0 1
0
1
PrinceOfEval
I'm creating correlation searches from scratch in the latest version of ES. The search results include fields that d...
by PrinceOfEval Path Finder in Splunk Enterprise Security 07-12-2016
7 5
7
5
joshuamcqueen
Hey Splunkers, Question about notable events. I know how to modify a correlation drill-down searches (and pass toke...
by joshuamcqueen Path Finder in Splunk Enterprise Security 07-12-2016
7 2
7
2
rishrai
Hi, I am implementing the Splunk Enterprise Security app. I have DNS logs which are in Solaris. I went through the D...
by rishrai New Member in Splunk Enterprise Security 07-07-2016
0 1
0
1
mux
We recently upgraded our Splunk installation from 6.1.6 to 6.4.1 As part of the follow up work around this we needed...
by mux Explorer in Splunk Enterprise Security 07-07-2016
0 6
0
6
himapate
Hi , I am planning to install ES in my environment. I have 3 indexer, 1 master node, 1 deployment server. Currently ...
by himapate Explorer in Splunk Enterprise Security 07-01-2016
0 2
0
2
sheamus69
Is it possible to add the risk scores to the notable events listed in Incident Review? I think it's possible to achi...
by sheamus69 Communicator in Splunk Enterprise Security 06-24-2016
0 2
0
2
fairje
I am doing an upgrade of Enterprise Security from 3.3.1 to 4.0 through the GUI. I installed the app by providing it t...
by fairje Communicator in Splunk Enterprise Security 06-23-2016
0 10
0
10
gary_richardson
Hello In Enterprise Security, there is the option to run a script as a follow on action to a notable event. Is it po...
by gary_richardson Path Finder in Splunk Enterprise Security 06-20-2016
0 3
0
3
j4adam
Hello everyone, There is extensive documentation on what fields need to exist in order for a data source to fit into...
by j4adam Communicator in Splunk Enterprise Security 06-13-2016
1 2
1
2
att35
Hi, We have Linux Audit log data coming in Via OSSEC into Splunk. For this data, source is set to /var/ossec/logs/al...
by att35 Builder in Splunk Enterprise Security 06-08-2016
0 11
0
11
splunk_cv
Hi all, I wrote this search that shows me when certain SSIDs are matched. sourcetype=rogap SSID="*skynet*" OR SSID...
by splunk_cv Explorer in Splunk Enterprise Security 06-03-2016
0 5
0
5
trross33
After configuring the proxy settings for downloading the Splunk for Enterprise Security Intelligence Source data, I a...
by trross33 Path Finder in Splunk Enterprise Security 06-03-2016
0 1
0
1
echojacques
So this is the pre-configured correlation search called "substantial increase in port activity". I'd like to tweak i...
by echojacques Builder in Splunk Enterprise Security 06-02-2016
0 5
0
5
dragoslungu
Is there anything different when running a lookup on data returned by a pivot compared to the same lookup running on ...
by dragoslungu Explorer in Splunk Enterprise Security 05-25-2016
4 1
4
1
evelenke
Hi, Splunkers We have a single instance as an Indexer, Search head, and Splunk Enterprise Security (32Gb RAM,16 vCPU...
by evelenke Contributor in Splunk Enterprise Security 05-24-2016
1 4
1
4
andresito123
I get this error every hour at my installation: msg="A script exited abnormally" input="./bin/scripted_inputs/deplo...
by andresito123 Communicator in Splunk Enterprise Security 05-24-2016
0 2
0
2
Get Updates on the Splunk Community!

Laser Bananas and Edge Hubs: Exploring Operational Technology (OT) Data Through a ...

  OT is a different environment to traditional IT and can have interesting challenges when interfacing the ...

Event Series: Mastering AI Tokenomics and Splunk Agent Observability

Beyond the Black Box: Correlating AI Performance and Tokenomics with Splunk Agent Observability   As ...

span_metrics: The OpenTelemetry-Idiomatic Way to See Inside Your Services

You open a trace in Splunk Observability Cloud and everything looks fine. One root span, order-pipeline, with ...