Splunk Enterprise Security

Discussions

Thread Info

Whats the best way to get bro logs from an IDS to Splunk Enterprise Security thats running on a seperate server?

Right now we have another instance of splunk and bro addon running on the IDS, the bro index is then forwarded to the...

by Explorer in

Splunk Enterprise Security: How to construct an inputlookup search that will display ES identity information from their usernames?

I have a lookup with 461 usernames. I want to input the lookup to Splunk and display corresponding First and Last nam...

by Path Finder in

What is a managed app in Splunk Enterprise Security?

I'm attempting to create a new correlation search in Splunk Enterprise Security (4.1). I've created a blank app to ho...

by Super Champion in

Splunk Enterprise Security: How to modify extreme search context count_30m to 1 week?

Hi, How to change the Splunk ES context count_30m to 1 week and only limited to Deny traffic? I need to create cor...

by Explorer in

Splunk Enterprise Security: Is Splunk is able to detect low and slow password attack using correlation search?

Hi Is Splunk is able to detect low and slow password attack using correlation search? E.g. hacker attempt to guess...

by Explorer in

After upgrading to Splunk Enterprise Security 4.5, the Incident Review tab can only be viewed properly with IE & Firefox. It's a blank dashboard in Chrome.

After the ES 4.5 Upgrade the Incident Review tab can only be viewed properly with IE & Firefox, its a blank dashboard...

by Engager in

How to search when firewall disabled on servers

Dear Team, How to search when firewall disabled on servers. the below search able to see firewall status and serve...

by New Member in

How can I write my own adaptive response action?

I want to build an adaptive response action to push malware signatures from Enterprise Security into my own applicati...

by Splunk Employee in

Ignore automatic lookup just for a search

Hi! do you think if there's a way to say Splunk to ignore automatic lookups just for a search? I'm configuring som...

by Builder in

Splunk Enterprise Security: Why are all my notable events showing "0"?

Hello, Under security posture, all my notable events are showing 0 and I am not sure if it is working but we just ...

by Explorer in

How to "clean up" Splunk Enterprise Security Threat Intelligence lists to remove obsolete entries?

Hi Splunkers, We have a running Enterprise Security environment with several Threat Intelligence downloads enabled...

by Motivator in

Is it possible to generate a "ticket number" style reference for a notable event?

I'd like each notable event that is raised in ES to have a unique "ticket number" style reference, automatically incr...

by New Member in

Splunk ES Incident Review Dashboard Default Search Time Settings

I am a Splunk ES (enterprise security) user, looking to change the default search time setting for all users on the I...

by Engager in

Splunk Enterprise Security: How to troubleshoot why Threat Intelligence download is failing?

I can't see the Threat Intelligence Audit Events in Splunk Enterprise Security I have internet access to my server...

by Explorer in

Using the Fortinet FortiGate App for Splunk on Splunk Cloud with Enterprise Security, how to get the Fortinet Dashboard to show events?

Enterprise Security demands the sourcetype be "fortinet", but the App has all the macros and everything set to look f...

by Explorer in

Why is the Splunk Enterprise Security "Content Management" screen blank on 6.5.0 search head cluster members after upgrade to ES 4.5.0?

Hi, We recently deployed ES Version 4.5.0 via Deployer to the Search Head Cluster. While testing on a stand-alone ...

by Builder in

Page Redering issues for Incident Review in Enterprise Security after upgrade to 6.5

Hi, We recently upgraded our ES Search Heads to latest version 6.5. Post upgrade, the Incident Review page is not ...

by Builder in

Splunk Enterprise Security: Does Splunk count Threat Feed towards license usage?

Does Splunk count Threat feeds towards the data usage? For example: if I download 1G of threat feed data every day, w...

by New Member in

Enterprise Security v4.1.3 Setup on Splunk 6.5.0

Hi, On a test system, i am having trouble upgrading ES from v4.1.2 on Splunk 6.5.0 to v4.1.3. After installing ...

by Communicator in

Can we use the Vormetric Security Intelligence app for Splunk 6.4.2?

In our environment, Splunk 6.4.2 has been deployed. I need to know if the Vormetric Security Intelligence app current...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Whats the best way to get bro logs from an IDS to Splunk Enterprise Security thats running on a seperate server?

Splunk Enterprise Security: How to construct an inputlookup search that will display ES identity information from their usernames?

What is a managed app in Splunk Enterprise Security?

Splunk Enterprise Security: How to modify extreme search context count_30m to 1 week?

Splunk Enterprise Security: Is Splunk is able to detect low and slow password attack using correlation search?

After upgrading to Splunk Enterprise Security 4.5, the Incident Review tab can only be viewed properly with IE & Firefox. It's a blank dashboard in Chrome.

How to search when firewall disabled on servers

How can I write my own adaptive response action?

Ignore automatic lookup just for a search

Splunk Enterprise Security: Why are all my notable events showing "0"?

How to "clean up" Splunk Enterprise Security Threat Intelligence lists to remove obsolete entries?

Is it possible to generate a "ticket number" style reference for a notable event?

Splunk ES Incident Review Dashboard Default Search Time Settings

Splunk Enterprise Security: How to troubleshoot why Threat Intelligence download is failing?

Using the Fortinet FortiGate App for Splunk on Splunk Cloud with Enterprise Security, how to get the Fortinet Dashboard to show events?

Why is the Splunk Enterprise Security "Content Management" screen blank on 6.5.0 search head cluster members after upgrade to ES 4.5.0?

Page Redering issues for Incident Review in Enterprise Security after upgrade to 6.5

Splunk Enterprise Security: Does Splunk count Threat Feed towards license usage?

Enterprise Security v4.1.3 Setup on Splunk 6.5.0

Can we use the Vormetric Security Intelligence app for Splunk 6.4.2?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Failed to fetch data: Unable to get wmi classes fr...

Enterprise Security - Correlation Search - Notable...

Enterprise Security Incident Review Default Filter...

Threat Intelligence Management - Wrong threat matc...

Can someone recommend a threat intel feed of malic...