Splunk Enterprise Security

Discussions

Thread Info

Can I use the same indexers for a Splunk Enterprise search head and another search head?

I am in process of Splunk Enterprise Security deployment. While deployment of Add-ons to my indexers, documentation s...

by Explorer in

Splunk Enterprise Security: How to deploy the included add-ons to forwarders?

I have recently deployed Splunk Enterprise Security (ES) on one of our Search Heads. While installing, it could not p...

by Explorer in

Extreme Search Issue with xsWhere command

So having an issue with extreme search. I have a DD context generated for users sending emails based off their identi...

by New Member in

Help with troubleshooting errors in Splunk Enterprise Security: what script is ran to show this error message?

Hello Splunk community, I am having a problem with Enterprise Security. All of the threat intelligences are not ab...

by Path Finder in

Splunk ES : macro get_identity4events not returning values from identity in notables

Greetings we have the following versions : Splunk 6.5.2/ES 4.5.0/CIM 4.6.0 When we use the macro on its own in...

by SplunkTrust in

Syslogs from devices to different indexers with same index name

Hi, We are planning to use TCP syslog to send logs from networks devices to heavy forwarders and from there to ind...

by Explorer in

Splunk Enterprise Security: Where do I specify _key field in the curl command for Threat API?

I am trying to search the ip_intel kvstore for threat intelligence for an IP that I know is already there. I'm just t...

by Engager in

Splunk Enterprise Security: Why does the Risk Analysis data model fail to build?

This particular data model (Risk Analysis) that comes with Splunk Enterprise Security is failing to build due to a ca...

by Builder in

Cisco eStreamer for Splunk: How to resolve error "Problems starting the eStreamer client"?

Hi everyone! I attempted to follow the other "Problems starting the eStreamer client" post but was unable to get i...

by New Member in

Splunk Enterprise Security: How to filter geographically improbable logins over small distances?

In Splunk Enterprise Security, the geographically improbable login correlation fires when users on our network transi...

by Explorer in

threat intelligence downloads show errors even when disabled or deleted on Enterprise Security 4.7.1

Hi folks We upgraded Enterprise Security to 4.7.1 and we are getting the following errors in the UI: A threat i...

by Builder in

Is it possible to use two Splunk Enterprise Security Apps on single Indexer cluster?

Hi is it possible to use 2 Splunk Enterprise Security apps on 2 stand alone search heads with same Indexer cluste...

by Builder in

What is the best recommendation for segregating Windows event data?

Good day, We are running Splunk Enterprise 6.6.0 with Splunk Enterprise Security distributed within several datace...

by New Member in

Splunk Enterprise Security: Expected Host Not Reporting finds hosts that are reporting with a different name. How to fix this?

Expected Host Not Reporting finds results for hosts that are reporting with a different name; for instance, the short...

by Path Finder in

Need assistance with ES error after upgrade to 4.5.3

We are in the process of upgrading ES to 4.5.3 and am receiving the error below after clicking to Exclude the ES TA's...

by Path Finder in

How to make an App, its Commands, and Lookup permissions "global"?

We've installed an app that initially does not install as a "global" permission. We'd like to make its resources (e.g...

by Communicator in

Splunk Enterprise Security: Do I need to create a new correlation search to use threat intelligence?

Hello, We are researching on integration with Splunk Enterprise Security (ES), and I have a question about threat ...

by Path Finder in

Splunk Enterprise Security: How to generate a list of correlation searches showing severity ratings, risk scores, and status (enabled/disabled)?

Hi, This question relates to: - Splunk Enterprise 6.4.1 - Splunk Enterprise Security 4.1.1 I am trying to gene...

by Communicator in

Dashboard permissions for on monitor/screen

I've set up a new Role & User called monitor for the task of displaying Enterprise Security dashboards on a monitor/s...

by Path Finder in

Splunk Default Date and Time Need to change from MM/DD/YYYY to DD/MM/YYYY

Hi All, i need to change the date and time format from MM/DD/YYYY to DD/MM/YYYY by default . When user login and s...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Can I use the same indexers for a Splunk Enterprise search head and another search head?

Splunk Enterprise Security: How to deploy the included add-ons to forwarders?

Extreme Search Issue with xsWhere command

Help with troubleshooting errors in Splunk Enterprise Security: what script is ran to show this error message?

Splunk ES : macro get_identity4events not returning values from identity in notables

Syslogs from devices to different indexers with same index name

Splunk Enterprise Security: Where do I specify _key field in the curl command for Threat API?

Splunk Enterprise Security: Why does the Risk Analysis data model fail to build?

Cisco eStreamer for Splunk: How to resolve error "Problems starting the eStreamer client"?

Splunk Enterprise Security: How to filter geographically improbable logins over small distances?

threat intelligence downloads show errors even when disabled or deleted on Enterprise Security 4.7.1

Is it possible to use two Splunk Enterprise Security Apps on single Indexer cluster?

What is the best recommendation for segregating Windows event data?

Splunk Enterprise Security: Expected Host Not Reporting finds hosts that are reporting with a different name. How to fix this?

Need assistance with ES error after upgrade to 4.5.3

How to make an App, its Commands, and Lookup permissions "global"?

Splunk Enterprise Security: Do I need to create a new correlation search to use threat intelligence?

Splunk Enterprise Security: How to generate a list of correlation searches showing severity ratings, risk scores, and status (enabled/disabled)?

Dashboard permissions for on monitor/screen

Splunk Default Date and Time Need to change from MM/DD/YYYY to DD/MM/YYYY

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Enterprise Security - Correlation Search - Notable...

Enterprise Security Incident Review Default Filter...

Threat Intelligence Management - Wrong threat matc...

Can someone recommend a threat intel feed of malic...

Migrating Splunk Enterprise Security from VM to ne...