Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

ES app searches

Hi all, i am using ES app 2.4 and trrying to run an inbuilt sear4ch "Anomalous ports detection". This search refe...

by Path Finder in

Placement of Windows and Unix TA

Hi all, I am using ES app and collecting windows and linux logs. I have the following hierarchy of splunk componen...

by Path Finder in

500 Internal Server Error-Response Not Ready

Hi, I have ES APP (v 2.4.1) installed on Splunk (v 5.0.5) on Windows machine. Machine details- Processor- 2 ...

by Path Finder in

ES App compatibility with Splunk 6

What is the ETA on having the Splunk Enterprise Security app compatible with Splunk 6?

by Engager in

How to restore default ES correlation searches?

Hello everyone, I modified some of the correlation searches (CS) in Enterprise Security to better match my environ...

by Builder in

Enterprise Security 2.2.1 how do i clear sa_vulns tsidx ?

I added a new vulnerability data input - a new vmscanner. Cool beans! Now I'd like to clear the sa _ vulns tsidx and ...

by Engager in

Splunk Enterprise Security on Windows XP Laptop?

Was requested that I do development on my laptop, and to install Splunk ES 2.4 on my laptop (along with Splunk Enterp...

by Explorer in

ESS error with conf 'oracle' lookup table 'oracle_action_lookup'

Dear expert: When I installed ESS, I found a ERROR on the top of splunk's web. Error 'Could not find all of the...

by Path Finder in

ESS TA and other TA

Hi expert: I'm studying ESS. There are 3 Add-ons in ESS, Domain Add-ons, Supporting Add-ons and Technology Add-ons...

by Path Finder in

tstats issue in ES 2.4.0 ...

Hello, I have noticed that tscollect/tstats in ES 2.4.0 gives very strange results: The "Host With Multiple Inf...

by Communicator in

Splunk ES - lookup_expander - assets.csv - not handling IPv6?

Hello Splunk ES users  I'm using the latest Splunk ES (2.4.0) and since the upgrade from 2.0.2, I have the follow...

by Communicator in

Time Range options in Correlation Search?

In Enterprise Security I have this correlation search which I believe includes searching through the previous 24 hour...

by Builder in

Integrating new events to an existing incident ticket created by the incident review dashboard

Is it possible to add/attach new events that are generated using correlation searches or manually searches to an exis...

by Explorer in

Tracking change history on Incidents in ES App

I am trying to understand if I can track changes related to the incidents managed by the ES App.Below are my requirem...

by Explorer in

Where to find more correlation searches?

My Splunk + Enterprise Security installation came with 51 canned correlation searches. For example, searches to disco...

by Builder in

Incident Review Dashboard incidents storage

As I understand the splunk app for Enterprise Security creates a number of TSIDX namespaces that are used to store su...

by Explorer in

How to exclude certain OPSEC LEA events from getting indexed?

Hi everyone, I have the OPSECLEA TA installed and I'd like to strip out certain events (all destination port 80 (H...

by Builder in

App for Enterprise Security error: lookup_expander: Some extra fields were present in the input CSV

The messages at the top of the screen populates with the following error: lookup_expander: Some extra fields were pre...

by Path Finder in

Splunk version and Enterprise Security App

What deployments of Splunk support the enterprise security app? I want to try a demo on my older version (less produc...

by Explorer in

Remove SA-EVENTGEN Data

I enabled SA-Eventgen for my ES App and now I have many faux security events. This seems to be a demo to fill the das...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

ES app searches

Placement of Windows and Unix TA

500 Internal Server Error-Response Not Ready

ES App compatibility with Splunk 6

How to restore default ES correlation searches?

Enterprise Security 2.2.1 how do i clear sa_vulns tsidx ?

Splunk Enterprise Security on Windows XP Laptop?

ESS error with conf 'oracle' lookup table 'oracle_action_lookup'

ESS TA and other TA

tstats issue in ES 2.4.0 ...

Splunk ES - lookup_expander - assets.csv - not handling IPv6?

Time Range options in Correlation Search?

Integrating new events to an existing incident ticket created by the incident review dashboard

Tracking change history on Incidents in ES App

Where to find more correlation searches?

Incident Review Dashboard incidents storage

How to exclude certain OPSEC LEA events from getting indexed?

App for Enterprise Security error: lookup_expander: Some extra fields were present in the input CSV

Splunk version and Enterprise Security App

Remove SA-EVENTGEN Data

Announcing General Availability of Splunk Incident Intelligence!

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Anyone have a search for meant time to triage for ...

How to create Splunk alert to detect unauthorized ...

Is there customization required for Salesforce int...

How do I stop Multiple Analysts from grabbing the ...

Is there a way to search for updated DAT and AMCOR...