Splunk Enterprise Security

Discussions

Thread Info

Splunk App for Enterprise Security 3.2.1: Why am I getting hourly script failure errors with configuration_check.py on the search head?

I realize this will be simple for someone with more experience than I have. Running 2 search heads, 2 indexers, manag...

by Path Finder in

In threatlists can you have multiple values in url?

Can you have multiple domain names on single url field? Or does every row have to have single domain name?

by Splunk Employee in

Splunk App for Enterprise Security: Is there a way to clear out all previously imported Nessus data?

I have been testing the Splunk Add-on for Nessus and want to start using the feature with fresh data. Is there a way ...

by Explorer in

Splunk ES APP Correlation Search Email Output Action

Hello Everyone, I need to setup the email output action for ES APP correlation Searches , I have found that we can...

by Explorer in

Splunk App for Enterprise Security: Why am I getting error "undefined symbol: __xmlStructuredErrorContext" when merging an identity?

According to the documentation for ES Asset management here: http://docs.splunk.com/Documentation/ES/3.2.1/User/As...

by Splunk Employee in

Splunk Enterprise Security - TSIDX-dependent Correlation Searches not working after 3.0 upgrade

We recently upgraded our Enterprise Security instance to v3.0 from v2.4. After the upgrade, I noticed that Correlatio...

by Communicator in

Is there way to use hash or file name matches for threatlist?

by Splunk Employee in

Splunk App for Enterprise Security: If I add a new custom threatlist, will it match old events too or only new events after creating the threatlist?

Hi, I have a question about custom threatlists in Splunk App for Enterprise Security. If I add a new custom threat...

by Communicator in

Which type of file can I add as threat list in Splunk Enterprise Security?

Hi guys, I am wondering if I could use a binary file with my own format as threat list in Splunk ES app. That file co...

by Communicator in

Splunk Enterprise Security and Notable Events

Hi, I"m running the Enterprise Security app and I"m facing the following issue: Notable events or Incidents are...

by Explorer in

When do I need to surround a field name with single ticks, double ticks, and when do I not need them at all in a search?

I'm trying to integrate McAfee data into ES and I am having difficulties using the datamodel command. Why does thi...

by Motivator in

Since Enterprise Security can only have 1 instance running, how do you handle high availability if that search head stops working?

Hi all, Have a 2 site distributed-architecture of Splunk, with 1 Search-Head in either site (and indexers and heav...

by Communicator in

customizing fields in incident review tickets

Can I customized the fields that I see for an incident ticket for the notable event in the incident review dashboard....

by Explorer in

Splunk App for Enterprise Security: Why are all dashboards and reports empty even with the Splunk Add-on for Microsoft Windows installed?

I installed the Splunk App for Enterprise Security, but all dashboards and reports are empty. The Splunk_TA_windows A...

by Contributor in

How to get IIS events into Enterprise Security App

Splunkers, I am trying to get IIS log W3C log events into Enterprise Security App. I made the IIS events an eventt...

by New Member in

What do backticks do in searches?

Hello, I was trying to understand the queries used for ES app and found that many searches are simplified as whate...

by Path Finder in

How to install the Splunk App for Enterprise security on indexers in my deployment?

I'm running 4 indexers, 1 search head and 1 master as my splunk enterprise architecture . I've read the instructions ...

by Explorer in

ESS dashboards are taking from 1 to 2 minutes to load

Identity Manager and Assests Manager ESS dashboards are taking from 1 to 2 minutes to load The SH is a Linux 64 bit S...

by Splunk Employee in

Lookup Tables Not functioning

I looked at Splunk Answer and saw that there is a known issue that is reported as a false-positive. However, I do not...

by Contributor in

Editing Notable Events is running slow

I'm experiencing quite slow executions of host:8000/custom/SA-ThreatIntelligence/notable_events/update_status when ed...

by SplunkTrust in

Enterprise Security - New Domain Analysis Dashbaord - Help with the WHOIS functionality

Hey Splunkers, Working on configuring Enterprise Security and need a hand with New Domain Analysis Dashboard. Here...

by Path Finder in

Can the Splunk app for enterprise Security be installed as an app in Hunk?

Can the Enterprise Security app run in Hunk and process/analysis data that are store in Hadoop directly?

by New Member in

security app for splunk

dear all I would like to try security app for splunk, how to get a demo ? is there any online demo or lab ? regards

by Engager in

Why am I getting error"The path '/en-US/custom/TA-snort/taunixsetup/TA-snort/setup" when trying to install Splunk add-on for Snort?

When trying to install the Splunk add-on for Snort on Enterprise Security the following error is shown: http://img...

by New Member in

Splunk App for Enterprise Security: Is there a way to reset all the correlation searches to default?

Hello, I forgot to copy the default correlation searches and made some alteration to the queries. As a result, I'm...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk App for Enterprise Security 3.2.1: Why am I getting hourly script failure errors with configuration_check.py on the search head?

In threatlists can you have multiple values in url?

Splunk App for Enterprise Security: Is there a way to clear out all previously imported Nessus data?

Splunk ES APP Correlation Search Email Output Action

Splunk App for Enterprise Security: Why am I getting error "undefined symbol: __xmlStructuredErrorContext" when merging an identity?

Splunk Enterprise Security - TSIDX-dependent Correlation Searches not working after 3.0 upgrade

Is there way to use hash or file name matches for threatlist?

Splunk App for Enterprise Security: If I add a new custom threatlist, will it match old events too or only new events after creating the threatlist?

Which type of file can I add as threat list in Splunk Enterprise Security?

Splunk Enterprise Security and Notable Events

When do I need to surround a field name with single ticks, double ticks, and when do I not need them at all in a search?

Since Enterprise Security can only have 1 instance running, how do you handle high availability if that search head stops working?

customizing fields in incident review tickets

Splunk App for Enterprise Security: Why are all dashboards and reports empty even with the Splunk Add-on for Microsoft Windows installed?

How to get IIS events into Enterprise Security App

What do backticks do in searches?

How to install the Splunk App for Enterprise security on indexers in my deployment?

ESS dashboards are taking from 1 to 2 minutes to load

Lookup Tables Not functioning

Editing Notable Events is running slow

Enterprise Security - New Domain Analysis Dashbaord - Help with the WHOIS functionality

Can the Splunk app for enterprise Security be installed as an app in Hunk?

security app for splunk

Why am I getting error"The path '/en-US/custom/TA-snort/taunixsetup/TA-snort/setup" when trying to install Splunk add-on for Snort?

Splunk App for Enterprise Security: Is there a way to reset all the correlation searches to default?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Clarification on UBA Capability in Splunk Enterpri...

Findings Comments

Sendalert risk does not populate source_guid / sou...

Asset Identity Framework subnet does not match ip-...

Palo Alto apps and add-ons for splunk

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions