Splunk Enterprise Security
Community Activity
echojacques
Hello, I have Splunk 6 and Enterprise Security 3 (latest version). I'm also indexing data from our Symantec endpoin...
by echojacques Builder in Splunk Enterprise Security 05-12-2015
1 4
jemeche
I recently upgraded to ES 3.2.2 on a Splunk 6.2.2 deployment. For some reason all notable events have been reset to...
by jemeche New Member in Splunk Enterprise Security 05-11-2015
0 1
rubeniturrieta
Hi everyone, I have Splunk App for Enterprise Security, and I want to integrate it with Active Directory. I already ...
by rubeniturrieta Communicator in Splunk Enterprise Security 05-03-2015
0 1
vanadisc
Hello, As the title suggests, I have some general questions regarding the threat list activity dashboard. Q1: Where...
by vanadisc Engager in Splunk Enterprise Security 05-03-2015
1 1
tegosa
I cannot find anything in the docs regarding "xswhere" and this "is above high". Here is the query: | tstats allow_o...
by tegosa New Member in Splunk Enterprise Security 05-01-2015
0 1
luckymaddy
Hi, I want to set an “Email alert when User failed login 5 times in last 10 minutes”. Please help me. Thanks in Adva...
by luckymaddy Explorer in Splunk Enterprise Security 04-28-2015
0 3
luckymaddy
Hi All, I am new to Splunk. In my project we are using Splunk App for Enterprise Security. I would like to know what...
by luckymaddy Explorer in Splunk Enterprise Security 04-27-2015
0 8
masiddiqu
Hi, I am trying to simulate a cluster environment for the Splunk App for Enterprise Security. The setup is: -Two I...
by masiddiqu Explorer in Splunk Enterprise Security 04-23-2015
0 3
georget
Hi, I've created a new Key Security Indicator for my app and have integrated it in the Security Posture dashboard of...
by georget Explorer in Splunk Enterprise Security 04-22-2015
0 3
bheemireddi
I have a scenario. The customer has two teams ABC, XYZ and they have their own Enterprise Security setup. Each team h...
by bheemireddi Communicator in Splunk Enterprise Security 04-18-2015
1 1
Splunk_Bw
I have been assigned the task of deploying the Splunk App for Enterprise Security on Linux machines. Here is my requi...
by Splunk_Bw Explorer in Splunk Enterprise Security 04-16-2015
0 2
coleman07
The sample data which comes with the TA-sav add-on has its timestamp in a weird hexadecimal format. It looks like th...
by coleman07 Path Finder in Splunk Enterprise Security 04-09-2015
0 3
mcronkrite
Can you put in the url field of the threat list a domain value? For example, these were where domains were listed xx...
by mcronkrite Splunk Employee in Splunk Enterprise Security 03-27-2015
0 1
tkopchak
Any time I load the debug/refresh endpoint, correlation searches stop running. Or, at least, they stop producing nota...
by tkopchak SplunkTrust in Splunk Enterprise Security 03-26-2015
0 1
jonathan_cooper
I'm working on tuning our data model accelerations and the first problem I'm running into is that they never finish. ...
by jonathan_cooper Communicator in Splunk Enterprise Security 03-26-2015
7 8
adsplunk1
Good afternoon. This is related to Enterprise Security 3.1.1 build 219910. Is it possible to allow a non-admin user...
by adsplunk1 New Member in Splunk Enterprise Security 03-18-2015
0 2
RiccardoV
Hi, I am using Splunk 6.2.2 and Enterprise Security 3.1.1. I have a bunch of threat lists (the actual URLs are looku...
by RiccardoV Communicator in Splunk Enterprise Security 03-18-2015
1 1
coolwater77
Can I create a security operations workflows using the ES app? For example, if I want a ticket to be opened in the ti...
by coolwater77 Explorer in Splunk Enterprise Security 03-15-2015
1 5
Chubbybunny
I've disabled the Google search feature in ./SA-ThreatIntelligence/local/workflow_actions.conf and confirmed it is no...
by Chubbybunny Splunk Employee in Splunk Enterprise Security 03-11-2015
1 1
dschmidt_cfi
I realize this will be simple for someone with more experience than I have. Running 2 search heads, 2 indexers, manag...
by dschmidt_cfi Path Finder in Splunk Enterprise Security 03-11-2015
2 13
mcronkrite
Can you have multiple domain names on a single url field? Or does every row have to have a single domain name?
by mcronkrite Splunk Employee in Splunk Enterprise Security 03-07-2015
0 4
john_miller1
I have been testing the Splunk Add-on for Nessus and want to start using the feature with fresh data. Is there a way...
by john_miller1 Explorer in Splunk Enterprise Security 03-03-2015
0 1
skathpal
Hello Everyone, I need to set up the email output action for ES APP correlation Searches, I have found that we can't ...
by skathpal Explorer in Splunk Enterprise Security 02-26-2015
0 1
mzorzi
According to the documentation for ES Asset management here: http://docs.splunk.com/Documentation/ES/3.2.1/User/Asse...
by mzorzi Splunk Employee in Splunk Enterprise Security 02-26-2015
1 1