Splunk Enterprise Security

Community Activity
In ES 6.6.x and higher, what is the meaning of "Parse Domain from URL" under the Global Setting of Threat Intelligenc...
by teresachila Path Finder in Splunk Enterprise Security 05-18-2023
0 1
I have set up my intel download however when I run `http_intel` multiple IOC/values are grouped into a single row. H...
by bluewizard Explorer in Splunk Enterprise Security 05-18-2023
0 4
Hey everyone, I've looked around for a little but was trying to find out if there was a way to back up and do vers...
by claxpum0n New Member in Splunk Enterprise Security 05-17-2023
0 3
I am trying to pull up the Risk Event Timeline for a Risk Notable in my Incident Review Dashboard. Every time I cli...
by stewlarsen New Member in Splunk Enterprise Security 05-17-2023
0 5
Hi All, We have installed Splunk Enterprise Security 7.0.1 and OT for security add-on on it, and we would like to upgr...
by VK18 Explorer in Splunk Enterprise Security 05-16-2023
0 0
It looks like Sophos' approach to SIEM integration when using Sophos Central (their cloud management offering) is to ...
by gf13579 Communicator in Splunk Enterprise Security 05-15-2023
0 11
Hello, I have a lookup table with numbers, where it checks the numbers that match the error_code 11. index="cdrs" "er...
by Miguel3393 Path Finder in Splunk Enterprise Security 05-09-2023
0 1
What is the best way to deal with building searches and alerting in a Hyper-V environment in which VMs pull MAC addre...
by gg74 Engager in Splunk Enterprise Security 05-09-2023
0 3
Hello, I have a lookup table with numbers, where it checks the numbers that match the error_code 11. index="cdrs" "erro...
by Miguel3393 Path Finder in Splunk Enterprise Security 05-05-2023
0 5
The ES Incident Review page still lists deleted Correlation Searches Names in the Multiselect box "Correlation Search...
by rphillips_splk Splunk Employee in Splunk Enterprise Security 05-05-2023
3 5
Hi folks, [Current scenario] When a role is created with capabilities, I am receiving one event for the role creation a...
by vinoth_raj Path Finder in Splunk Enterprise Security 05-04-2023
0 3
I would like to figure out a way to update an existing notable event via a REST API. I would specifically like to kno...
by harshanagaraj Explorer in Splunk Enterprise Security 05-04-2023
1 13
Hi, I was wondering how we could download the specific notables into csv or text format from incident review panel i...
by AL3Z Builder in Splunk Enterprise Security 05-02-2023
0 2
Hello, I'm interested in minimizing the amount of noise generated by notables in one of my customer's environments, w...
by AL3Z Builder in Splunk Enterprise Security 05-02-2023
0 1
Hi all, I created a correlation search in Splunk ES and added a Notable Event in the Adaptive Response Actions. I...
by gargantua Path Finder in Splunk Enterprise Security 04-28-2023
0 0
Hi all, I am trying to integrate MS SQL audit log data with a UF instead of DB Connect. What is the best and recomme...
by ojay Path Finder in Splunk Enterprise Security 04-25-2023
0 2
Does the network resolution data model include both Outbound and Inbound DNS transfers?
by Woodpecker Path Finder in Splunk Enterprise Security 04-25-2023
0 1
The correlation I am analyzing has some interesting issue. 1. When I run the SPL code separately in a search bar it ha...
by zacksoft_wf Contributor in Splunk Enterprise Security 04-21-2023
0 1
In Incident Review, one can create a filter and save it as a default. Where does it store that configuration so I ca...
by cmeisch Path Finder in Splunk Enterprise Security 04-20-2023
0 1
I'm attempting to add some new fields to leverage the Asset Extraction for our Notables. As of today, we have what ap...
by dfphere Explorer in Splunk Enterprise Security 04-19-2023
0 4
We want to fetch emails from a mailbox and forward to Splunk. I have the ta-mailclient installed on our HF Windows se...
by csarte New Member in Splunk Enterprise Security 04-18-2023
0 1
I need to migrate my current ES installation from a VM to a physical host, due to performance issues in the virtual i...
by discenzadoe Explorer in Splunk Enterprise Security 04-18-2023
0 1
I have abruptly been unable to access Splunk ES with the error message as "Fetch failed: authentication/current-cont...
by KhalidSheikh Engager in Splunk Enterprise Security 04-18-2023
0 1
Hi Team, I downloaded a file from Webex app. But in CrowdStrike while validating file name is showing. But the path a...
by sasankganta Path Finder in Splunk Enterprise Security 04-18-2023
0 0
Hi Team, I would like to drop/trim .png and .jpg files in the output result. Will be appreciated if you could help wi...
by NDabhi21 Explorer in Splunk Enterprise Security 04-16-2023
0 3