Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Is it possible that logs get duplicated between Splunk Enterprise and Splunk Enterprise Security?

Hi! I want to know if is possible to get duplicated ingestion of logs between Splunk Enterprise and Splunk enterpr...

by Explorer in

How to customize Threat Activity dashboard by adding new fields?

Hello! I am experiencing troubles with analyzing Threat Intelligence data in Enterprise Security. When I go to Sec...

by Path Finder in

How to create Splunk alert to detect unauthorized certificate usage?

Hi, I am trying to extract a new field to spot unauthrorised certificate usage on a server. Under event ID 4768, ...

by New Member in

Why is Threat Intelligence not correctly parsing and automatically setting to STIX parsing?

Hi all, Within Splunk ES I've configured a test threat intelligence feed with the following settings: New > Lin...

by Explorer in

How can I change Threat intelligence setting the default time that the removal process runs for threat sources?

In the documentation at https://docs.splunk.com/Documentation/ES/7.0.2/Admin/Changethreatintel under Review the l...

by Explorer in

Web application firewall use case: How to find top targeted domain on my domain?

Hi Team,I am working on web application firewall related use case, I wanna find out top targeted domain on my domain....

by Engager in

How to add new field to existing CIM data model?

Hello. Using the eval function, trying to add a new field to the Change data model. When I try to add the new fie...

by Loves-to-Learn in

Where can I view created notable alert suppression entries in ES?

Hello, Where can I view notable alert suppression entries in ES? I'm looking for a way to not only audit these ...

by Explorer in

How to reduce notable events that correlation search has generating?

Hi, I have created an advance threat protection incidents Correlation Search which is generating notable events...

by Path Finder in

Is there customization required for Salesforce integration with Splunk for below case?

Hello experts, I am trying to integration salesforce cloud modules into splunk for security monitoring. Does anyne ha...

by Path Finder in

Salesforce splunk integration- Why don't we see any logs?

We are configuring salesforce splunk integration in our salesforce sandbox. We followed the documentation provided by...

by New Member in

How do I stop Multiple Analysts from grabbing the same event?

We have several analysts in multiple locations that are working from the same Incident Review channel. After someone...

by Explorer in

Is there a way to search for updated DAT and AMCORE files in Splunk ?

by Loves-to-Learn Lots in

Why do we get errors on the REST command in the Investigation Overview dashboard on Splunk ES?

Hi, After upgrading to Splunk ES version 6.0.0 we got the Investigation Overview dashboard, but we have some probl...

by Builder in

Is there a way to get alerts when routers or switches go down on your network or any endpoint?

Is there a way to get alerts when routers or switches go down on your network or any endpoint? V/R SD

by Loves-to-Learn Lots in

SPLUNK ADD-On For Network Infrastructure is now end of life- Is there any other way to monitor network devices?

Good evening everyone.... Being that the Splunk ADD-ON for Infrastructure is now end of life is there any other way t...

by Loves-to-Learn Lots in

Change python version from 2.7 to 3.7 at script level

I am using Splunk 8.0.8. I have python versions 2.7 and 3.7 installed in $Splunk_Home/bin folder but all my python sc...

by Communicator in

Sequence Template/Events Bug (not working) with Splunk ES version 5.2.2?

Hello Splunk Community, My organization has recently upgraded to Splunk ES 5.2.2. I have been trying to create a c...

by Explorer in

lookup in suppression search

Hi at all, In Enterprise Security, I'm trying to customize a Suppression Rule inserting a lookup containing the ip ...

by SplunkTrust in

The following required arguments are missing: last_updated.

Hello, I am trying to add a data input to an app I created using Splunk Add-on Builder. I enabled checkpointing and...

by Observer in

Splunk Security Essentials - Mitre Map does not report each correlation search?

Hi Splunkers, I have a problem with the "Splunk Security Essentials" application. Currently, I have 34 activated c...

by Explorer in

Why is there an increase in security notables event count?

Hi Team, I have created a notable in the Splunk ES and i received a notable and i analyzed the notable and i ...

by Path Finder in

How to create Alert when event is ended

Hi, As soon as an event ends I want to create an alert and want to sent email with Shipment ID which is ended. Ex...

by Path Finder in

How to gather total amount of traffic from the Radware DDOS app?

Hi guys,I have configured radware DDOS app into splunk,I want gather the total amount of traffic from the DDOS app in...

by Engager in

What is the capability needed to view Adaptive responses section in incident review page on ES?

can someone point me to the capabilty that needs to be provided for ES users to be able to view Adaptive responses se...

by Contributor in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Is it possible that logs get duplicated between Splunk Enterprise and Splunk Enterprise Security?

How to customize Threat Activity dashboard by adding new fields?

How to create Splunk alert to detect unauthorized certificate usage?

Why is Threat Intelligence not correctly parsing and automatically setting to STIX parsing?

How can I change Threat intelligence setting the default time that the removal process runs for threat sources?

Web application firewall use case: How to find top targeted domain on my domain?

How to add new field to existing CIM data model?

Where can I view created notable alert suppression entries in ES?

How to reduce notable events that correlation search has generating?

Is there customization required for Salesforce integration with Splunk for below case?

Salesforce splunk integration- Why don't we see any logs?

How do I stop Multiple Analysts from grabbing the same event?

Is there a way to search for updated DAT and AMCORE files in Splunk ?

Why do we get errors on the REST command in the Investigation Overview dashboard on Splunk ES?

Is there a way to get alerts when routers or switches go down on your network or any endpoint?

SPLUNK ADD-On For Network Infrastructure is now end of life- Is there any other way to monitor network devices?

Change python version from 2.7 to 3.7 at script level

Sequence Template/Events Bug (not working) with Splunk ES version 5.2.2?

lookup in suppression search

The following required arguments are missing: last_updated.

Splunk Security Essentials - Mitre Map does not report each correlation search?

Why is there an increase in security notables event count?

How to create Alert when event is ended

How to gather total amount of traffic from the Radware DDOS app?

What is the capability needed to view Adaptive responses section in incident review page on ES?

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code

Adding comment (link) to Next Steps (In an alert u...

Free Training Online Classes