Splunk Enterprise Security

Discussions

Thread Info

Glass Tables

Hi All! how i can import visio file to Glass Tables in the splunk enterprise security

by Path Finder in

Edit title of notable event x2

sourcetype=WinEventLog:Security (EventCode=4720) | eval date=strftime(_time, "%Y/%m/%d") |rex "New\sAccount:\s+.*\s+\...

by Builder in

How do you remove threat feed data already in Enterprise Security?

Enterprise Security comes pre-configured with several blocklists, however we have a valid business case for some of t...

by New Member in

Automatic Adaptive response action based on correlation search

Hello, I'm trying out a Adaptive response action of VirusTotal which i created by following this site http://dev.s...

by Path Finder in

Splunk Enterprise Security: "Search peer has the following message: Review roles for unnecessary read or write access to authorize.conf and remove access if possible."

"Search peer has the following message: Review roles for unnecessary read or write access to authorize.conf and remov...

by New Member in

help needed to understand correlation search in ES (sandbox)

I am quite new to ES, although i have an good understanding of data models and other Splunk commands, i am unable to ...

by Loves-to-Learn in

Monitor Unsuccessful Windows Updates

How to change this search to show Unsuccessful/Failed Windows Updates? sourcetype=WinEventLog:System EventCode=19 | e...

by Builder in

Splunk Enterprise Security: Is there a developer version?

Hi I am trying to create add-ons for splunk enterprise security. is there a developer version of the app , with sampl...

by Explorer in

Modifying Correlation search - Substantial Increase in Port Activity (By Destination)

Hi all! I have just started working on Splunk ES. However I found that when turned on the correlation rule below, ...

by New Member in

Edit title of notable event

I will try again, but with correct tags of my question. Today I tried many times fix it and zero results. https://...

by Builder in

Edit name of notable event

I have this search: | metadata type=hosts | lookup critical_systems Host_name as host OUTPUT Host_name as host | sear...

by Builder in

Rules/Correlation Searches that must have at SOC!

Hello my little friends!  In your opinion what correlation searches must have SOC?

by Builder in

Splunk Enterprise Security: Why are correlation searches not saving in search head cluster?

I am using search head cluster and trying to create a correlation search by selecting application context as "DA-ESS-...

by Explorer in

Centralized Splunk config synchronization like rsync over HTTPS

I have a customer with a very unique network environment. They will have multiple ES clusters worldwide. The only way...

by Builder in

"Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'fe_cef_syslog' and lookup table 'fireeye_severity_lookup'" - how to fix?

We are on Splunk Cloud 6.4. We have Splunk Enterprise Security too. FireEye App for Splunk Enterprise v3 (ver 3.0...

by New Member in

Ratios based on field values in Stats

I am looking to get a ratio in something akin to the following method but this is throwing errors from Splunk ES: ...

by Explorer in

How do I update Palo Alto app and threat metadata in Splunk Enterprise Security

pancontentpack is supposed to get app and threat metadata from Panorama. I noticed that pancontentpack is only par...

by Builder in

Best way to filter out events within Splunk Enterprise Security Incident Review?

I am seeing a number of events for abnormally high number of HTTP POST requests in our enterprise security incident r...

by Engager in

Enterprise Security 4.7 - Threat Intel Downloads Won't Stop Despite Disabling

I upgraded the ES app from 4.5 to 4.7. I work on a closed system so I do not make use of the Threat Intel downloads. ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Glass Tables

Edit title of notable event x2

How do you remove threat feed data already in Enterprise Security?

Automatic Adaptive response action based on correlation search

Splunk Enterprise Security: "Search peer has the following message: Review roles for unnecessary read or write access to authorize.conf and remove access if possible."

help needed to understand correlation search in ES (sandbox)

Monitor Unsuccessful Windows Updates

Splunk Enterprise Security: Is there a developer version?

Modifying Correlation search - Substantial Increase in Port Activity (By Destination)

Edit title of notable event

Top 20 Memory-Consuming Searches

Edit name of notable event

Rules/Correlation Searches that must have at SOC!

Splunk Enterprise Security: Why are correlation searches not saving in search head cluster?

Centralized Splunk config synchronization like rsync over HTTPS

"Error 'Could not find all of the specified lookup fields in the lookup table.' for conf 'fe_cef_syslog' and lookup table 'fireeye_severity_lookup'" - how to fix?

Ratios based on field values in Stats

How do I update Palo Alto app and threat metadata in Splunk Enterprise Security

Best way to filter out events within Splunk Enterprise Security Incident Review?

Enterprise Security 4.7 - Threat Intel Downloads Won't Stop Despite Disabling

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

incident_review migration to new splunk enterprise...

What is the retention period for summaries generat...

Why the System Center does not show data from Wind...

Adding key indicator search to custom dashboard in...

How to send only not suppressed notable from Splun...