Splunk Enterprise Security

Community Activity
johnmccash
I'm running Splunk Enterprise Security 4.0.1, and trying to import and match against Observables defined using Cybox ...
by johnmccash Explorer in Splunk Enterprise Security 04-15-2016
1 5
ccrider
I'm doing research inside of Splunk Enterprise Security, and I'm tagging events into the timeline. I've gone into the...
by ccrider New Member in Splunk Enterprise Security 04-14-2016
0 2
rahul130191
Is it possible to automate assignment of notable events to groups? For example, if a new notable event is triggered,...
by rahul130191 New Member in Splunk Enterprise Security 04-14-2016
0 1
noybin
Hi, I need to make events I am receiving from a Modsecurity available and formatted for Splunk Enterprise Security. ...
by noybin Communicator in Splunk Enterprise Security 04-12-2016
0 6
Lowell
I'm trying to disable acceleration on a data model that's consuming a massive amount of memory on the indexers. All ...
by Lowell Super Champion in Splunk Enterprise Security 04-12-2016
3 2
DMohn
Hi Splunkers, I want to customize the Enterprise Security Incident Review dashboard to include a link to another das...
by DMohn Motivator in Splunk Enterprise Security 04-07-2016
1 6
jwiedow
The Splunk_TA_paloalto is missing from the SplunkEnterpriseSecuritySuite/install directory for Splunk Enterprise Secu...
by jwiedow Communicator in Splunk Enterprise Security 04-06-2016
0 4
rubeniturrieta
Hi to everyone, I need to add an "Event Management software layer" between Splunk and a "Tickets System" (an "Event ...
by rubeniturrieta Communicator in Splunk Enterprise Security 04-06-2016
0 1
gabriel_vasseur
I am new to Splunk and so far I find that the real difficulty is not learning Splunk itself but understanding my orga...
by gabriel_vasseur Contributor in Splunk Enterprise Security 04-06-2016
0 2
kbrown_splunk
0
4
andresito123
I have included in my installation Sophos Virtual Email Appliance logs. The logs include the originating IP with fiel...
by andresito123 Communicator in Splunk Enterprise Security 04-04-2016
0 3
koshyk
We are using datamodel_summary heavily for Splunk Enterprise Security and it's quite slow in datamodel acceleration. A...
by koshyk Super Champion in Splunk Enterprise Security 04-04-2016
1 6
nmohammed
Can we use the Vormetric Security Intelligence app for Splunk 6.3.x? I don't see any updates since 2013.
by nmohammed Builder in Splunk Enterprise Security 03-29-2016
0 2
chris
Hi, we are currently adding data sources to our Splunk environment. We try our best to make it CIM compliant. We h...
by chris Motivator in Splunk Enterprise Security 03-29-2016
0 2
hberkis
If I am running Splunk 6.2.x and ES 3.x using search head pooling, and I upgrade to Splunk 6.3.1 and ES 4.0.1 using ...
by hberkis New Member in Splunk Enterprise Security 03-28-2016
0 5
madcitygeek
I can't seem to make Splunk ES 3.3 ingest the XML files I get from the government. Naturally, I cannot divulge the de...
by madcitygeek Explorer in Splunk Enterprise Security 03-25-2016
4 7
shivarpith
Hi, We have a query that brings up the sourcetypes in correlated search using "tstats" Example: tstats datamodel xyz ...
by shivarpith Path Finder in Splunk Enterprise Security 03-21-2016
0 2
tkomatsubara_sp
Hello, I installed Enterprise Security 4.0.2 on Windows 2012 R2. After installing the ES, Splunk became unresponsive...
by tkomatsubara_sp Splunk Employee in Splunk Enterprise Security 03-16-2016
0 1
brent_weaver
Good morning. I am constantly getting the message: One or more machines does not meet the recommended minimum system...
by brent_weaver Builder in Splunk Enterprise Security 03-14-2016
2 19
grambo271
Greetings... I'm still very junior to the world of Splunk so I thought I'd reach out to the community for a little di...
by grambo271 Explorer in Splunk Enterprise Security 03-09-2016
3 4
AlbintEIG
We are collecting syslog with a syslog collector, and dumping it to text files. Splunk ingests those txt files from t...
by AlbintEIG Engager in Splunk Enterprise Security 03-04-2016
0 2
gstefan
Hi, My installation is downloading threat lists correctly, but lookup threatlist_names.csv is not populated correct...
by gstefan Engager in Splunk Enterprise Security 02-26-2016
1 4
gary_richardson
Hello Splunkers. I have been creating new notable events in Enterprise Security, and for some events, defining my ow...
by gary_richardson Path Finder in Splunk Enterprise Security 02-24-2016
0 2
meirwah
I installed Splunk Enterprise Security, but nothing seems to function (cannot create notable events for instance, get...
by meirwah Engager in Splunk Enterprise Security 02-15-2016
0 5
daniel333
So I was up last night making an NMAP app for my company. Took it into work and a worker pointed out there was an NMA...
by daniel333 Builder in Splunk Enterprise Security 02-11-2016
1 1