Splunk Enterprise Security

Discussions

Thread Info

How to set up a SOC with Splunk ?

I have no experience and I need to set up a SOC/NOC with Splunk. Thank you for andurstanding me and helping me.

by New Member in

Splunk Enterprise Security and Splunk 6.5.2: When clicking "Event Actions" button within an expanded event, why do I receive "TypeError: message is undefined" error?

Since upgrading Splunk to 6.5.2, in the Splunk Enterprise Security (ES) search page I get "TypeError: message is unde...

by New Member in

How to create an alert that works with Fortigate Active Response?

Having a hard time getting an alert that works with FortigateAR. We want to use FortigateAR to block SourceIP based o...

by Engager in

Splunk Enterprise Security: Is it possible to embed an Adaptive Response hyperlink into the Notable Event Next Steps?

I know that it is possible to embed an Adaptive Response hyperlink into the next steps section of Splunk Enterprise S...

by Splunk Employee in

How can I display hosts which do not have AntiVirus installed but require it in Splunk Enterprise Security?

All, Might just be lack of caffeine here. But I can't quite get this subsearch working. I have my assets.csv ...

by Builder in

Splunk Enterprise Security: Is it recommended to turn data model acceleration on or use correlation search for the Identity Management data model?

Does it make sense to turn data model acceleration on for the Incident Management data model (default summary range i...

by Path Finder in

Does the Splunk Add-on for Bit9 Carbon Black format the CB JSON md5 field to either Malware.file_hash or Email.file_hash?

Does the Splunk Add-on for Bit9 Carbon Black format the CB JSON md5 field to either Malware.file_hash or Email.file_h...

by Path Finder in

Splunk Enterprise Security: Why does Inputlookup (kvstore) not showing all available fields?

Splunk Enterprise version is 6.5.2 kvstore correlationsearches_lookup is defined in app SA-ThreatIntelligence (ver...

by New Member in

Creating new notable events based on new inputs via Enterprise Security's correlation engine

Does anyone have any advice on how to use Splunk's pre-canned correlation searches within Enterprise Security and hav...

by Explorer in

Any recommendations on how to display Splunk Enterprise Security dashboards on our SOC wall display?

All, So we have Splunk Enterprise Security (ES) working. Some of the dashboards are pretty nifty and we're thinki...

by Builder in

Commands not usable from Enterprise Security?

I have an app installed from Splunkbase, which has custom search command defined in it. I've set the commands to be g...

by Communicator in

Splunk Enterprise Security: How to use Extreme Search to build Correlation Searches?

I am very new using Extreme Searches. I have used the extreme search example that is displayed on the page in Splunk ...

by Engager in

Splunk Enterprise Security: How to configure data enrichment?

As I am fairly new to SHC, I seem to be getting the same message in ES when attempting to edit/view > Configure > Dat...

by Path Finder in

Why is my server skipping a lot of accelerated searches?

One of my servers is skipping a lot of accelerated searches, like 80% per each hour. I've got Splunk Enterprise Secur...

by Contributor in

How to control POSIX Identity Lookup done by Linux Auditd app?

Hi, We use Linux Auditd app in our environment in conjunction with Splunk Enterprise Security (ES). Is there a way...

by Builder in

Splunk Enterprise Security: Why is the alert "Activity from an expired identity" getting triggered when no identities have expired?

I have populated identities.csv on Splunk Enterprise Security and enabled the alert of "Activity from an expired iden...

by Communicator in

Splunk Enterprise Security: Why am I receiving error "The correlation search...has no corresponding saved searches stanza"?

Hi, I received this messages error : The correlation search XXXX in app "SplunkEnterpriseSecuritySuite" has no cor...

by Explorer in

Splunk Enterprise Security: Receiving errors ""A script exited abnormally" input=".\bin\xxxx.py" stanza="default" status="exited with code 1"". How to resolve?

Hi I keep receiving this error message from Splunk Enterprise Security (ES) on my custom python application, thoug...

by Explorer in

How to edit my search to use eval variables in subsearches

Hello Splunk experts, Stuck trying to get something working and hoping one of you experts can point me in the righ...

by Path Finder in

Splunk Enterprise Security: Why am I getting threat list "download has failed" errors?

Hi Folks, We are working on getting our Splunk Enterprise Security environment working properly and have it mostly...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How to set up a SOC with Splunk ?

Splunk Enterprise Security and Splunk 6.5.2: When clicking "Event Actions" button within an expanded event, why do I receive "TypeError: message is undefined" error?

How to create an alert that works with Fortigate Active Response?

Splunk Enterprise Security: Is it possible to embed an Adaptive Response hyperlink into the Notable Event Next Steps?

How can I display hosts which do not have AntiVirus installed but require it in Splunk Enterprise Security?

Splunk Enterprise Security: Is it recommended to turn data model acceleration on or use correlation search for the Identity Management data model?

Does the Splunk Add-on for Bit9 Carbon Black format the CB JSON md5 field to either Malware.file_hash or Email.file_hash?

Splunk Enterprise Security: Why does Inputlookup (kvstore) not showing all available fields?

Creating new notable events based on new inputs via Enterprise Security's correlation engine

Any recommendations on how to display Splunk Enterprise Security dashboards on our SOC wall display?

Commands not usable from Enterprise Security?

Splunk Enterprise Security: How to use Extreme Search to build Correlation Searches?

Splunk Enterprise Security: How to configure data enrichment?

Why is my server skipping a lot of accelerated searches?

How to control POSIX Identity Lookup done by Linux Auditd app?

Splunk Enterprise Security: Why is the alert "Activity from an expired identity" getting triggered when no identities have expired?

Splunk Enterprise Security: Why am I receiving error "The correlation search...has no corresponding saved searches stanza"?

Splunk Enterprise Security: Receiving errors ""A script exited abnormally" input=".\bin\xxxx.py" stanza="default" status="exited with code 1"". How to resolve?

How to edit my search to use eval variables in subsearches

Splunk Enterprise Security: Why am I getting threat list "download has failed" errors?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

incident_review migration to new splunk enterprise...

What is the retention period for summaries generat...

Why the System Center does not show data from Wind...

Adding key indicator search to custom dashboard in...

How to send only not suppressed notable from Splun...