Splunk Enterprise Security

Discussions

Thread Info

How can I achieve Risk Model Through Splunk?

I have different devices for Perimeter Security, Endpoint Security, Access Security and Email Security. Pls let me kn...

by New Member in

How to pull the data from Splunk Security Incident Review Description column?

I am trying to pull all the information from Splunk Security Incident Review Description column. Please see the at...

by Path Finder in

Need to pull all the data from the investigation panel (Enterprise Security) and send to third party (Archer, ServiceNow) via API

Need to pull all the data from the investigation panel (Enterprise Security) and send to third party (Archer, Service...

by Path Finder in

How do I get the alert actions from splunk_ta_snow to be active as adaptive responses in Enterprise Security

Hi. It seems like the alert_actions defines in splunk_ta_snow misses param._cam parms, so they don't show up, as a...

by Contributor in

Using the eval command, how do you calculate the time difference between two events WHERE the status value is different?

Hi, There's probably a better function to use for this, but I think it could be done with an eval and where (I thi...

by Path Finder in

how to customize drilldown action

Under the noteable event view, for each field ther is action, I want to add "got to virustotal $src$" field for src(i...

by Communicator in

Correlate two search results.

Hello, I have a two queries from two DM (Authentication and Change-Analysis). Task: Basically, I need to exclud...

by New Member in

Splunk ES - Configuration Errors on Splunk UI

We noticed Configuration Errors on Splunk UI, Investigated the errors and this is from the rules. No changes made to ...

by Splunk Employee in

Splunk Enterprise Security - SA-IdentitiyManagement - inputs.conf - master_host attribute value

What should be the value of master_host attribute in inputs.conf for SA-IdentitityManagement add-on? In my Splunk Ent...

by Explorer in

Splunk Enterprise Security: Unable to save Input stanza for lookup source

We are implementing the Splunk ES in our environment, when I try to save input stanza for lookup source under Configu...

by Explorer in

notables relation with device events

Is there any way that a notable is linked to the events that generated it?

by Explorer in

Enterprise Security Identity Correlation - merging of identities

Hi all, I have a problem understanding how ES Identity Correlation merges identities together. Example: I have ...

by Motivator in

How does Splunk Enterprise Security work?

hello I want to understand the concept of how Splunk security works. I think that it has a database of signatures...

by Path Finder in

Percent problems

Hi, Struggling to get the percentage to work properly... I have 3 fields; Open, Closed and New. I want to r...

by Path Finder in

inclusion in Datamodel

If there is any source type which has hash values but not action fields like allowed or blocked then it can consider ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How can I achieve Risk Model Through Splunk?

How to pull the data from Splunk Security Incident Review Description column?

Need to pull all the data from the investigation panel (Enterprise Security) and send to third party (Archer, ServiceNow) via API

How do I get the alert actions from splunk_ta_snow to be active as adaptive responses in Enterprise Security

Using the eval command, how do you calculate the time difference between two events WHERE the status value is different?

how to customize drilldown action

Correlate two search results.

Splunk ES - Configuration Errors on Splunk UI

Splunk Enterprise Security - SA-IdentitiyManagement - inputs.conf - master_host attribute value

Splunk Enterprise Security: Unable to save Input stanza for lookup source

notables relation with device events

Enterprise Security Identity Correlation - merging of identities

How does Splunk Enterprise Security work?

Percent problems

inclusion in Datamodel

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

How can I automatically and evenly assign notables...

Risk-Based Alerting FAQs

threat intelligence upload not working too

Splunk Enterprise Security - permissions issue

Splunk Enterprise Security Install Error In Deploy...