Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Tuning Risk Scores and resetting score values

Hi, I'm in the process of tuning our risk scores, as applied to objects (users or assets) from a correlation searc...

by Communicator in

Upgrading Splunk Enterprise Security fails on enabling / disabling add-ons - Solution

Hi All, I am just posting a solution to an issue I have had with two upgrades for Splunk Enterprise Security. Firs...

by Path Finder in

Learning SIEM basics

Hello, I now have fairly good experience with Splunk and want to learn more about SIEM but not sure where to start...

by Contributor in

Splunk Enterprise Security: What is the best way to add details to asset information?

Hello Splunkers, Can someone provide some guidance on what is the best or recommended method of adding context to ...

by Path Finder in

How to use earliest and latest in my inputlookup search to filter results?

Hello Splunk Answers! I'm relatively new to Splunk - pardon if this is a very basic question. I've looked through ...

by Engager in

Why does Enterprise Security 3.0 not see the tags or field aliases properly in Splunk 6.0 or 6.1?

I have Splunk Enterprise 6.1, I've had the same issue on 6.0, and Enterprise Security 3.0 running. I pull in a dataso...

by Path Finder in

Are Splunk Enterprise Security and Splunk User Behavior Analytics (Splunk UBA) totally independent apps?

Hi, Is Splunk Enterprise Security and Splunk User Behavior Analytics (Splunk UBA) totally independent apps? Do ...

by Explorer in

Splunk Enterprise Security 4.x app questions

We've provided some background info to go with the questions as they relate to the Splunk Enterprise Security 4.x app...

by New Member in

Does anyone have test data that can fire off various correlation searches for notable events in Splunk Enterprise Security?

Hi, Does anyone in the community have test data that can fire off various Correlation Searches for Notable Events ...

by Engager in

Splunk Enterprise Security: Some dashboards are populated with data, but why not the Threat Activity dashboard?

The treat activity dashboard won't populate in the Splunk Enterprise Security app, although other dashboards (not all...

by Engager in

ES Security App: Multi-line header is missing matching quotation, or could not parse CSV header

I have recurring warnings in splunkd logs with multi-line header is missing matching quotation, or could not parse C...

by Path Finder in

Should the Splunk App for ES Health Check be installed prior to installing Splunk Enterprise Security?

Should the Splunk App for ES Health Check be installed prior to Splunk Enterprise Security being installed? Can i...

by Builder in

Splunk Enterprise Security 4.0.1: How to import TAXII Observables defined Using Cybox Regex Syntax?

I'm running Splunk Enterprise Security 4.0.1, and trying to import and match against Observables defined using Cybox ...

by Explorer in

How do I export Enterprise Security (ES) investigations as a PDF or report?

I'm doing research inside of Splunk Enterprise Security, and I'm tagging events into the timeline. I've gone into the...

by New Member in

Splunk Enterprise Security: Is it possible to automate assignment of notable events to groups?

Is it possible to automate assignment of notable events to groups? For example, if a new notable event is triggere...

by New Member in

How to integrate ModSecurity events to Splunk Enterprise Security?

Hi, I need to make events I am receiving from a Modsecurity available and formatted for Splunk Enterprise Security...

by Communicator in

Does Enterprise Security automatically re-enable data model acceleration?

I'm trying to disable acceleration on a data model that's consuming a massive amount of memory on the indexers. All t...

by Super Champion in

Enterprise Security Incident Review - link to other dashboard

Hi Splunkers, I want to customize the Enterprise Security Incident Review dashboard to include a link to another d...

by Motivator in

Why is the Splunk_TA_paloalto missing from the install directory for Splunk Enterprise Security 4.1.0?

The Splunk_TA_paloalto is missing from the SplunkEnterpriseSecuritySuite/install directory for Splunk Enterprise Secu...

by Communicator in

Can we use Splunk IT Service Intelligence as an Event Management Layer between Splunk and a "Tickets System"?

Hi to everyone I need to add an "Event Management software layer", between Splunk and a "Tickets System" ( a "Even...

by Communicator in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Tuning Risk Scores and resetting score values

Upgrading Splunk Enterprise Security fails on enabling / disabling add-ons - Solution

Learning SIEM basics

Splunk Enterprise Security: What is the best way to add details to asset information?

How to use earliest and latest in my inputlookup search to filter results?

Why does Enterprise Security 3.0 not see the tags or field aliases properly in Splunk 6.0 or 6.1?

Are Splunk Enterprise Security and Splunk User Behavior Analytics (Splunk UBA) totally independent apps?

Splunk Enterprise Security 4.x app questions

Does anyone have test data that can fire off various correlation searches for notable events in Splunk Enterprise Security?

Splunk Enterprise Security: Some dashboards are populated with data, but why not the Threat Activity dashboard?

ES Security App: Multi-line header is missing matching quotation, or could not parse CSV header

Should the Splunk App for ES Health Check be installed prior to installing Splunk Enterprise Security?

Splunk Enterprise Security 4.0.1: How to import TAXII Observables defined Using Cybox Regex Syntax?

How do I export Enterprise Security (ES) investigations as a PDF or report?

Splunk Enterprise Security: Is it possible to automate assignment of notable events to groups?

How to integrate ModSecurity events to Splunk Enterprise Security?

Does Enterprise Security automatically re-enable data model acceleration?

Enterprise Security Incident Review - link to other dashboard

Why is the Splunk_TA_paloalto missing from the install directory for Splunk Enterprise Security 4.1.0?

Can we use Splunk IT Service Intelligence as an Event Management Layer between Splunk and a "Tickets System"?

Splunk Forwarders and Forced Time Based Load Balancing

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

How to exclude events with same session_id - Remot...

RBAC for Notable events?

What is "Malware Domains threatlist" in Splunk Ent...

How to create query for showing when was a Notable...

Is Splunk Add-on for Symantec Endpoint Protection ...