Splunk Enterprise Security

Discussions

Thread Info

Splunk Enterprise Security: How to troubleshoot why a Threat Intelligence download is failing for a single download source?

We are having an issue where a single threat intelligence download is failing (SANS blocklist) regularly. I can wget ...

by Explorer in

Splunk Enterprise Security: Is there a workaround for duplicate events being reported by ES Search Head?

We have Splunk Enterprise Security (ES) Search Head (SH) which is reporting duplicate events even though those events...

by Splunk Employee in

WannaCry [New variants] : How to detect the new variants of the ransomware?

I read the blog post that Splunk put out on Wannacry over the weekend which was really helpful to detect some of thos...

by Splunk Employee in

Splunk Enterprise Security: After upgrading, why do I receive error "Install cannot continue because some apps are configured to deny disablement"?

upgraded Splunk Enterprise Security (ES) from v4.5.2 and after restarting Splunk and navigating to the ES app, we rec...

by Splunk Employee in

Should Splunk Enterprise Security be the only thing installed on a Search Head?

I've been told that "Best Practices" (one of my least favorite terms) is to leave Splunk Enterprise Security (ES) on ...

by New Member in

Enterprise Security: How to add swimlanes of custom sourcetypes to Identity Investigator dashboard?

Hey Splunkers, Our securty team really likes the Identity Investigator dashboard. Only things is -- it would be GR...

by Path Finder in

How to edit my search to get the required common value?

I am trying to create an rule with 2 information "Expected Host Not Reporting" & "Network Device Interface Down" I...

by Communicator in

Can you upgrade Splunk Enterprise Security on a test server that points at the same Index layer?

I am planning out the first upgrade of Splunk Enterprise Security (Splunk ES) and am working out how. When we install...

by New Member in

Splunk Enterprise Security and Windows Server

Hello, I have a client who is insisting on building an on-prem Splunk environment with Windows Servers. Can som...

by Explorer in

Enterprise Security - SA-ThreatIntelligence - Checkpoint file error

Hello, I'm troubleshooting an error I get with SA-ThreatIntelligence in ES: in Data inputs » Threat Lists, I have ...

by Explorer in

How to edit my data model search to reference a lookup table?

Hi All, I am working on developing a search in Splunk Enterprise Security that will reference a lookup table name...

by New Member in

How to use the threat feed I added using threat intelligence downloads in Splunk Enterprise Security?

Hi Splunkers, I would like to know how to use threat feed which I have added using threat intelligence downloads i...

by Path Finder in

Splunk Enterprise Security: How to use a downloaded threat intelligence source as a lookup?

Hello, I added a new threat intelligence source in Splunk Enterprise Security (https://ransomwaretracker.abuse.ch/...

by Explorer in

How to prevent congestion between Heavy Forwarders and Indexers?

We have observed yesterday that there was around 90+% of indexing queue on our indexers. This resulted in failed c...

by Contributor in

My Key Security Indicators aren't working after removing the default "admin" account (display "Unable to load results")

I recently removed the default "admin" account and am now finding that the Key Indicators no longer work. Are these r...

by Champion in

Can I have the Palo Alto App for Splunk without the index?

Apparently I need the app to be able to use it's Panorama integration. But I don't think that I need the 100+GB of in...

by Builder in

Splunk Enterprise Security: How to manually trigger notables?

We had an outage of 2 hours for all Enterprise Security Search Heads. During this period, we missed few notables to "...

by Super Champion in

Why do I receive different results between two different applications?

I have a simple search index=myIndex sourcetype=mySourcetype If I run the search in the Splunk Enterprise Secu...

by Contributor in

Infoblox Sourcetype Branch Failures

We are taking in infoblox logs via syslog and are getting inconsistent results. We have a clustered environment. The ...

by Communicator in

DomainTools App and TA for Splunk: Why am I unable to save credentials?

We use Splunk Enterprise Security (which uses SA-DomainTools) for whois. Our API license and key is therefore already...

by Communicator in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk Enterprise Security: How to troubleshoot why a Threat Intelligence download is failing for a single download source?

Splunk Enterprise Security: Is there a workaround for duplicate events being reported by ES Search Head?

WannaCry [New variants] : How to detect the new variants of the ransomware?

Splunk Enterprise Security: After upgrading, why do I receive error "Install cannot continue because some apps are configured to deny disablement"?

Should Splunk Enterprise Security be the only thing installed on a Search Head?

Enterprise Security: How to add swimlanes of custom sourcetypes to Identity Investigator dashboard?

How to edit my search to get the required common value?

Can you upgrade Splunk Enterprise Security on a test server that points at the same Index layer?

Splunk Enterprise Security and Windows Server

Enterprise Security - SA-ThreatIntelligence - Checkpoint file error

How to edit my data model search to reference a lookup table?

How to use the threat feed I added using threat intelligence downloads in Splunk Enterprise Security?

Splunk Enterprise Security: How to use a downloaded threat intelligence source as a lookup?

How to prevent congestion between Heavy Forwarders and Indexers?

My Key Security Indicators aren't working after removing the default "admin" account (display "Unable to load results")

Can I have the Palo Alto App for Splunk without the index?

Splunk Enterprise Security: How to manually trigger notables?

Why do I receive different results between two different applications?

Infoblox Sourcetype Branch Failures

DomainTools App and TA for Splunk: Why am I unable to save credentials?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

incident_review migration to new splunk enterprise...

What is the retention period for summaries generat...

Why the System Center does not show data from Wind...

Adding key indicator search to custom dashboard in...

How to send only not suppressed notable from Splun...