Splunk Enterprise Security

Community Activity
singhvishakha29
Hi All, The data checkpoint file for cloudtrail logs is taking up a lot of disk space (over 100 GB). Is this a norma...
by singhvishakha29 Engager in Splunk Enterprise Security 01-02-2024
0 2
Chandrashekharg
How can we fetch the events performed by users in Splunk Enterprise security product from APIs?
by Chandrashekharg Engager in Splunk Enterprise Security 12-28-2023
0 1
mekhanlarloo
Hi. When I type this command, the following error message is displayed. | inputintelligence mitre_attack error command:Er...
by mekhanlarloo Loves-to-Learn Lots in Splunk Enterprise Security 12-26-2023
0 2
sinhashubham014
I am working on Linux-based use cases that are available in Splunk ESCU. Most of the use cases are using Endpoint. proc...
by sinhashubham014 Engager in Splunk Enterprise Security 12-26-2023
0 1
payal_4296
Where is the data from the Splunk Enterprise Security (ES) Investigation Panel stored? In the previous version, it see...
by payal_4296 New Member in Splunk Enterprise Security 12-18-2023
0 0
Raj
Hello, could anyone assist me in creating a correlation search to detect triggered alerts across all searches. This wi...
by Raj Builder in Splunk Enterprise Security 12-16-2023
0 24
Dave2d
We are having issues with pan:firewall_cloud parser (which came with the Palo Alto Networks Add-on) not parsing logs ...
by Dave2d Engager in Splunk Enterprise Security 12-08-2023
0 6
Nraj87
Dear All, Please suggest how to create a separate incident review dashboard for different teams. OR How the notable will s...
by Nraj87 Explorer in Splunk Enterprise Security 12-06-2023
0 2
omshanti
Hello together, I installed in Splunk Single Instance Deployment with version 9.0.4 the Splunk ES 7.11 via CLI. If I ...
by omshanti Engager in Splunk Enterprise Security 12-06-2023
1 3
jbillings
I'm a bit of a rookie and trying to tune the "Threat Activity Detected" correlation search in ES. I would like to tak...
by jbillings Path Finder in Splunk Enterprise Security 12-03-2023
2 1
vishenps
Hi, I'm new to Splunk and wanted to change the time zone of my Splunk cloud deployment. As of now in my Cloud Monitorin...
by vishenps Path Finder in Splunk Enterprise Security 11-30-2023
0 3
codeJesus
Hello, when I run the below SPL, it gave me all the regions that a user has accessed from. If I want to exclude a r...
by codeJesus Engager in Splunk Enterprise Security 11-30-2023
0 2
sidoyle_
Is anyone aware of a way, other than manually, of creating a MITRE ATT&CK Navigator Layer based on the rules enabled ...
by sidoyle_ Explorer in Splunk Enterprise Security 11-30-2023
1 1
vishenps
Hi Splunkers, I do see 5-6 apps to update in my Splunk cloud, it's asking for restart whenever I'm hovering over updat...
by vishenps Path Finder in Splunk Enterprise Security 11-28-2023
0 5
EssKay
Hi, I'm trying to set up a way to automatically assign notables to the analysts, and evenly. The "default owner" in the...
by EssKay Engager in Splunk Enterprise Security 11-27-2023
0 0
abi2023
I want to send a customized email from a Splunk ES adaptive response action. How do I add a custom template for email Messa...
by abi2023 Path Finder in Splunk Enterprise Security 11-20-2023
0 2
WILLIAMSN02
Hi All, It is recommended to use the i3.8xlarge instance type which comes with ephemeral storage for Splunk indexers...
by WILLIAMSN02 Engager in Splunk Enterprise Security 11-16-2023
1 2
jonathanpeckham
I'm planning on moving the Enterprise Security app from one search head to another; search heads are not clustered. ...
by jonathanpeckham Explorer in Splunk Enterprise Security 11-14-2023
0 6
loriexi
For new RBA users, here are some frequently asked questions to help you better get started with the product. 1. What ...
by loriexi Splunk Employee in Splunk Enterprise Security 11-09-2023
0 0
NTNS
I have a fairly hefty search that is looking for potential brute-force attempts in my network. I have verified that ...
by NTNS New Member in Splunk Enterprise Security 11-08-2023
0 1
Niro
Hello, I've set up an identity lookup using ldapsearch - it creates an identity of "username" that contains various de...
by Niro Explorer in Splunk Enterprise Security 11-07-2023
0 5
jeanyvesnolen
Hello, We have issues to merge our dhcp_asset_list (made of dns record, mac and ip address) into the Asset & Identit...
by jeanyvesnolen Path Finder in Splunk Enterprise Security 11-07-2023
3 7
saraomd93
I get this error when uploading a CSV file with 2 columns that included id number and malicious domain, but when I go to t...
by saraomd93 Path Finder in Splunk Enterprise Security 11-06-2023
0 0
Alan_Chan000
After reviewing the Intelligence Audit Events, the following error message shows up, it seems that the feed cannot wr...
by Alan_Chan000 Loves-to-Learn Lots in Splunk Enterprise Security 11-06-2023
0 1
bennett_riegel
I've downloaded the splunk security essential files all into my laptop, but I can't figure out how to upload into int...
by bennett_riegel New Member in Splunk Enterprise Security 11-02-2023
0 4