Splunk Enterprise Security

Discussions

Thread Info

Splunk App for Enterprise Security: Where is the threatlist stored?

Hello, Retrieving the threatlist through the URL in Enterprise Security, I would like to know if is stored in csv.

by Path Finder in

How can I trigger and alert for a search over 60 min but not trigger it again if I run the same search over 4 hours, 8 hours and 24 hours.

I am trying to create Notable Events using the Splunk ES risk framework and I want to setup multiple correlation sear...

by Engager in

How to view expired server certificates in the Splunk App for Enterprise Security 3.3?

I'm trying to view my server certificates via the Splunk Enterprise Security App 3.3. I asked to set it up in the app...

by Engager in

Splunk App for Enterprise Security: How to create a threat list and test them out?

In our Splunk App for Enterprise Security server, I want to add a local threat list that lists URLs to watch through ...

by New Member in

Splunk 6.2.3 consuming all the memory after installing Splunk app for Enterprise Security 3.3.0

Hello, I installed Splunk Enterprise 6.2.2 a month ago and it was running safely. Splunk had no issues. I installed t...

by Communicator in

Why are TA-DNSServer-NT6 fields, lookups, and aliases not showing in the Splunk App for Enterprise Security?

Most, but not all of the field extractions, lookups, and aliases created in the TA-DNSServer-NT6 app are viewable whe...

by Path Finder in

Failing to create an alternate identities file

I create an alternate identities csv file in *Nix by copying ./SA-IdentityManagement/lookups/identities.csv to ./SA-I...

by Path Finder in

Which Splunk for Enterprise Security Dashboard contains "databases" logs?

Hello, In Splunk Enterprise Security ES, I'm looking for dashboards where I can see sql server and oracle database...

by New Member in

Correlation Search - results not displaying correctly

Ive been spending a long time trying to get 1 correlation search working. The search is to find non standard hostname...

by Path Finder in

Assets in Enterprise Security

Assets in Enterprise Security Solution When you register you going to be how to use the Web model?

by Path Finder in

Splunk enterprise security add-on nomenclature

Hi guys, I am developing an addon for Splunk ES and I'm a little bit confused about the name I have to give to the fo...

by Communicator in

Where do I have to install my Splunk ES addon?

Hi, i developed an addon for Splunk ES. In a clusterized environment, where do I have to install the addon? In every ...

by Communicator in

ES 3.3 Data nodels showing Unknown values

Hi, I have two index node cluster and one dedicated search head for ES APP. installed Splunk_TA for cisco ASA on the ...

by Explorer in

Enterprise Security threatList ???

On the home screen of Enterprise Security > Setting > Data Model, there are a number of data model lists. Which field...

by Path Finder in

Is there an option to auto refresh the incident review in Splunk Enterprise Security app?

by Engager in

How do I delete incidents from Splunk ES

Hello Splunkers, ES was recently deployed in our environment and some incidents were created as part of testing funct...

by Contributor in

ES app. bringing in _internal data into dashboards

Hello, I am seeing that ES app. also brings in data from the _internal index and add it to the ES application dash...

by Path Finder in

Does ES3.3 on Search-Head running 6.2.3 and indexers running on 6.2.2 work?

In a distributed Search environment, is it required to upgrade the Indexers to the latest version of Splunk or can we...

by Engager in

Custom Search and notable events

We have certain custom searches in Enterprise Security App for example "New MAC Address found in the network", even t...

by Path Finder in

Splunk App for Enterprise Security : Could you let me know some sources to download threat feeds?

by Engager in

I see 5 Additional fields in one notable event and 10 additioinal fields in another notable event under incident review. Can I configure the additional fields that can be displayed?

by Engager in

Splunk for Symantec vs TA-sep/sav - what's the difference?

Hello, I have Splunk 6 and Enterprise Security 3 (latest version). I'm also indexing data from our Symantec endpoi...

by Builder in

Workflow status and ownership reset after 2.41 to 3.22 ES upgrade

I recently upgraded to ES 3.2.2 on a splunk 6.2.2 deployment. For some reason all notable events have been reset ...

by New Member in

How to integrate Splunk for Enterprise Security with Active Directory to detect security events?

Hi everyone, I have Splunk App for Enterprise Security, and i want to integrate it with Active Directory. I alread...

by Communicator in

Threat List Activity dashboard?

Hello, As the title suggests, I have some general questions regarding the threat list activity dashboard. Q1: W...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk App for Enterprise Security: Where is the threatlist stored?

How can I trigger and alert for a search over 60 min but not trigger it again if I run the same search over 4 hours, 8 hours and 24 hours.

How to view expired server certificates in the Splunk App for Enterprise Security 3.3?

Splunk App for Enterprise Security: How to create a threat list and test them out?

Splunk 6.2.3 consuming all the memory after installing Splunk app for Enterprise Security 3.3.0

Why are TA-DNSServer-NT6 fields, lookups, and aliases not showing in the Splunk App for Enterprise Security?

Failing to create an alternate identities file

Which Splunk for Enterprise Security Dashboard contains "databases" logs?

Correlation Search - results not displaying correctly

Assets in Enterprise Security

Splunk enterprise security add-on nomenclature

Where do I have to install my Splunk ES addon?

ES 3.3 Data nodels showing Unknown values

Enterprise Security threatList ???

Is there an option to auto refresh the incident review in Splunk Enterprise Security app?

How do I delete incidents from Splunk ES

ES app. bringing in _internal data into dashboards

Does ES3.3 on Search-Head running 6.2.3 and indexers running on 6.2.2 work?

Custom Search and notable events

Splunk App for Enterprise Security : Could you let me know some sources to download threat feeds?

I see 5 Additional fields in one notable event and 10 additioinal fields in another notable event under incident review. Can I configure the additional fields that can be displayed?

Splunk for Symantec vs TA-sep/sav - what's the difference?

Workflow status and ownership reset after 2.41 to 3.22 ES upgrade

How to integrate Splunk for Enterprise Security with Active Directory to detect security events?

Threat List Activity dashboard?

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code