Splunk Enterprise Security

Discussions

Thread Info

Is there any way to add a custom time to a notable event in Splunk ES?

In Splunk ES we have correlation searches creating notable events. The timestamp of the notable event, and thus the t...

by Builder in

How to stop ingesting from 1 of 4 firewalls?

I need to stop ingesting from 1 of 4 of my firewalls. The path of our architecture is firewalls >>>syslog>>>>depl...

by Loves-to-Learn in

How to troubleshoot the Adaptive Response script not running?

Hello everyone, I have set an Adaptive Response Action (custom bash script) along with a Notable event on a simple...

by Communicator in

Which app(s) for Microsoft Windows Defender ATP?

I see 3 different apps from 3 different authors on splunkbase for Microsoft Windows Defender ATP ; which one is the o...

by Esteemed Legend in

Splunk Add on for Microsoft ATP Endpoint: Which add-ons are CIM ready?

I have setup Microsoft defender for endpoint inputs with many add on but It looks as though most of the add on are no...

by Loves-to-Learn Everything in

How to connect multiple instances of Cisco Firepowers to Splunk using eStreamer enCore

Hi, So, I have got 2 instances of Cisco Firepower management centers. I need to connect these 2 FMCs to our eStreamer...

by New Member in

Integration of EPM SaaS with SPLUNK- Which firewall port is used? and what is the volume of events?

1.Which firewall port is used for SPLUNK integration with EPM SaaS?2.Any idea about the volume of events received in ...

by Loves-to-Learn in

Is there a way to optimize correlation search with tstats?

Hello everyone, I have a correlation search setup to detect Suricata IDS alerts of a specific severity and trigger...

by Communicator in

How to export and print a splunk dashboard in python?

I want to export the result of a Splunk dashboard and authentication would be via SSO/SAML. I can provide the usernam...

by Communicator in

Can I inherit from the CIM Model?

We have lots of firewalls (both internal and internet facing) feeding into our CIM Network_Traffic Model within Enter...

by Engager in

How to see newly created calculated field/field alias/field extraction in the logs ?

Hi All, I have created a newly created field/field alias/field extraction with GLOBAL Permissions.Example | eval t...

by Explorer in

In ES 6.6.x and higher: What is "Parse Domain from URL" under the Global Setting of Threat Intelligence Management?

In ES 6.6.x and higher, what is the meaning of "Parse Domain from URL" under the Global Setting of Threat Intelligenc...

by Path Finder in

Sonultra TAXII: How to add Threat Intelligence to my Splunk ES via the HISAC taxii discovery service?

I am trying to add Threat Intelligence to my Splunk ES via the HISAC taxii discovery service I have set up the Int...

by Explorer in

Questions about Data Model new source addition.

I have this 'Email' Data Model in ES. The model is populated by macro and tags(2 eventypes populated by saved search...

by Contributor in

Why is gia_summary index not populating?

I've been investigating why I started to not receive ES events for some time now. After upgrading ES, I had to reins...

by Builder in

How to use Time format picker

Hi, i have an requirement as like below. TimeStampLoginUsersAvg SLAMin SLA Max SLA20-02-2022 11:3035113.420-02-...

by Engager in

How to limit memory usage for a search?

Could you please tell me about the following? If I want to limit memory usage for a search, is it correct to think th...

by Communicator in

Upgrade Failing with OSError type 28

Hello All, I am testing the upgrade from ES 6.2.0 to 6.6.2. When I do the upgrade it fails with OSError type 28 no...

by Contributor in

Assets Exceeding Field Limits, Source: [merge]

Been getting messages saying that some identities are exceeding the field limits. I've increased the limit on some of...

by Path Finder in

How to create an Index in splunk to send data through TCP port

We have some firewall devices sending data to one index previously. Now I have to create new index for some of the de...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Is there any way to add a custom time to a notable event in Splunk ES?

How to stop ingesting from 1 of 4 firewalls?

How to troubleshoot the Adaptive Response script not running?

Which app(s) for Microsoft Windows Defender ATP?

Splunk Add on for Microsoft ATP Endpoint: Which add-ons are CIM ready?

How to connect multiple instances of Cisco Firepowers to Splunk using eStreamer enCore

Integration of EPM SaaS with SPLUNK- Which firewall port is used? and what is the volume of events?

Is there a way to optimize correlation search with tstats?

How to export and print a splunk dashboard in python?

Can I inherit from the CIM Model?

How to see newly created calculated field/field alias/field extraction in the logs ?

In ES 6.6.x and higher: What is "Parse Domain from URL" under the Global Setting of Threat Intelligence Management?

Sonultra TAXII: How to add Threat Intelligence to my Splunk ES via the HISAC taxii discovery service?

Questions about Data Model new source addition.

Why is gia_summary index not populating?

How to use Time format picker

How to limit memory usage for a search?

Upgrade Failing with OSError type 28

Assets Exceeding Field Limits, Source: [merge]

How to create an Index in splunk to send data through TCP port

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Instrumenting Java Websocket Messaging

Anyone have a search for meant time to triage for ...

How to create Splunk alert to detect unauthorized ...

Is there customization required for Salesforce int...

How do I stop Multiple Analysts from grabbing the ...

Is there a way to search for updated DAT and AMCOR...