Splunk Enterprise Security

Community Activity
kedjjang
On the home screen of Enterprise Security > Setting > Data Model, there are a number of data model lists. Which field...
by kedjjang Path Finder in Splunk Enterprise Security 05-22-2015
0 1
lbogle
Hello Splunkers, ES was recently deployed in our environment and some incidents were created as part of testing funct...
by lbogle Contributor in Splunk Enterprise Security 05-17-2015
2 1
dimitris_vergos
Hello, I am seeing that the ES app also brings in data from the _internal index and adds it to the ES application dashbo...
by dimitris_vergos Path Finder in Splunk Enterprise Security 05-14-2015
0 2
it7272
In a distributed Search environment, is it required to upgrade the Indexers to the latest version of Splunk or can we...
by it7272 Engager in Splunk Enterprise Security 05-14-2015
0 4
udayk1
We have certain custom searches in Enterprise Security App for example "New MAC Address found in the network", even t...
by udayk1 Path Finder in Splunk Enterprise Security 05-13-2015
0 2
kwonx149
Splunk App for Enterprise Security : Could you let me know some sources to download threat feeds?
by kwonx149 Engager in Splunk Enterprise Security 05-12-2015
0 1
echojacques
Hello, I have Splunk 6 and Enterprise Security 3 (latest version). I'm also indexing data from our Symantec endpoin...
by echojacques Builder in Splunk Enterprise Security 05-12-2015
1 4
jemeche
I recently upgraded to ES 3.2.2 on a Splunk 6.2.2 deployment. For some reason all notable events have been reset to...
by jemeche New Member in Splunk Enterprise Security 05-11-2015
0 1
rubeniturrieta
Hi everyone, I have Splunk App for Enterprise Security, and I want to integrate it with Active Directory. I already ...
by rubeniturrieta Communicator in Splunk Enterprise Security 05-03-2015
0 1
vanadisc
Hello, As the title suggests, I have some general questions regarding the threat list activity dashboard. Q1: Where...
by vanadisc Engager in Splunk Enterprise Security 05-03-2015
1 1
tegosa
I can not find anything in the docs regarding "xswhere" and this "is above high" Here is the query : | tstats allow_o...
by tegosa New Member in Splunk Enterprise Security 05-01-2015
0 1
luckymaddy
Hi, I want to set an “Email alert when User failed login 5 times in last 10 minutes. Please help me. Thanks in Adva...
by luckymaddy Explorer in Splunk Enterprise Security 04-28-2015
0 3
luckymaddy
Hi All, I am new to Splunk. In my project we are using Splunk App for Enterprise security. I would like to know what...
by luckymaddy Explorer in Splunk Enterprise Security 04-27-2015
0 8
masiddiqu
Hi, I am trying to simulate a cluster environment for the Splunk App for Enterprise Security. The setup is: -Two I...
by masiddiqu Explorer in Splunk Enterprise Security 04-23-2015
0 3
georget
Hi, I've created a new Key Security Indicator for my app and have integrated it in the Security Posture dashboard of...
by georget Explorer in Splunk Enterprise Security 04-22-2015
0 3
bheemireddi
I have a scenario. The customer has two teams ABC, XYZ and they have their own Enterprise Security setup. Each team h...
by bheemireddi Communicator in Splunk Enterprise Security 04-18-2015
1 1
Splunk_Bw
I have been assigned the task of deploying the Splunk App for Enterprise Security on Linux machines. Here is my requi...
by Splunk_Bw Explorer in Splunk Enterprise Security 04-16-2015
0 2
coleman07
The sample data which comes with the TA-sav add-on has its timestamp in a weird hexadecimal format. It looks like th...
by coleman07 Path Finder in Splunk Enterprise Security 04-09-2015
0 3
mcronkrite
Can you put in the url field of the threat list a domain value? For example, these were where domains were listed xx...
by mcronkrite Splunk Employee in Splunk Enterprise Security 03-27-2015
0 1
tkopchak
Any time I load the debug/refresh endpoint, correlation searches stop running. Or, at least, they stop producing nota...
by tkopchak SplunkTrust in Splunk Enterprise Security 03-26-2015
0 1
jonathan_cooper
I'm working on tuning our data model accelerations and the first problem I'm running into is that they never finish. ...
by jonathan_cooper Communicator in Splunk Enterprise Security 03-26-2015
7 8
adsplunk1
Good afternoon. This is related to Enterprise Security 3.1.1 build 219910. Is it possible to allow a non-admin user...
by adsplunk1 New Member in Splunk Enterprise Security 03-18-2015
0 2
RiccardoV
Hi, I am using Splunk 6.2.2 and Enterprise Security 3.1.1. I have a bunch of threat lists (the actual URLs are looku...
by RiccardoV Communicator in Splunk Enterprise Security 03-18-2015
1 1