Splunk Enterprise Security

Discussions

Thread Info

Integrating new events to an existing incident ticket created by the incident review dashboard

Is it possible to add/attach new events that are generated using correlation searches or manually searches to an exis...

by Explorer in

Tracking change history on Incidents in ES App

I am trying to understand if I can track changes related to the incidents managed by the ES App.Below are my requirem...

by Explorer in

Where to find more correlation searches?

My Splunk + Enterprise Security installation came with 51 canned correlation searches. For example, searches to disco...

by Builder in

Incident Review Dashboard incidents storage

As I understand the splunk app for Enterprise Security creates a number of TSIDX namespaces that are used to store su...

by Explorer in

How to exclude certain OPSEC LEA events from getting indexed?

Hi everyone, I have the OPSECLEA TA installed and I'd like to strip out certain events (all destination port 80 (H...

by Builder in

App for Enterprise Security error: lookup_expander: Some extra fields were present in the input CSV

The messages at the top of the screen populates with the following error: lookup_expander: Some extra fields were pre...

by Path Finder in

Splunk version and Enterprise Security App

What deployments of Splunk support the enterprise security app? I want to try a demo on my older version (less produc...

by Explorer in

Remove SA-EVENTGEN Data

I enabled SA-Eventgen for my ES App and now I have many faux security events. This seems to be a demo to fill the das...

by Path Finder in

Internal Log Errors - copyresults

Hi there, I was just looking through our splunkd logs, and I notice multiple errors for the following: <dateTi...

by Path Finder in

Download Splunk App for Enterprise Security 2.2.0 ES

I am looking to download the 2.2.0 ES application, where can I find it?

by Engager in

GeoIP not working within ES Suite

I have the Enterprise Security Suite App installed and working. I can run a geoip search in the Search App and that r...

by Contributor in

Splunk App for Enterprise Security

Hi, How do I try this application? Thanks, Ravi

by New Member in

Stash Files contain binary data

Folks, I'm at a site with 3 search heads and 6 indexers. One of the SH is ES-2.0.2. All SH and Indexers were up...

by Contributor in

Is there an easy way to close out 150K+ incident events?

We have recently installed ES for Splunk and have over 150K+ incidents that I want to close that were opened prior to...

by Engager in

Enterprise Security App

How can I download a copy for the Enterprise Security App and try it out?

by New Member in

ESS1.1.2 lookup failing

SA-ThreatIntelligence/bin/getiblocklist.py app=SA-ThreatIntelligence url=http://list3.iblocklist.com/files/bt_spyware...

by Splunk Employee in

how can i try this app?

Hi, who can tell me how can i try this app? http://splunk-base.splunk.com/apps/22297/splunk-app-for-enterprise-securi...

by Communicator in

Can Splunk be used as a Complex Event Processor (CEP)?

Splunk has many capabilities for correlating events over time, by keyword, by dynamic transactions, and more. It also...

by Splunk Employee in

PCI Compliance 11.5 - Monitoring files for changes

We are using Splunk to implement file integrity monitoring, but our security team has a requirement that I'm having t...

by Path Finder in

ES2 app installer not finding 2.0.2

The Enterprise Security Install App says I have the latest version of ES 2.0.1 . Why is it not prompting to upgrade t...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Integrating new events to an existing incident ticket created by the incident review dashboard

Tracking change history on Incidents in ES App

Where to find more correlation searches?

Incident Review Dashboard incidents storage

How to exclude certain OPSEC LEA events from getting indexed?

App for Enterprise Security error: lookup_expander: Some extra fields were present in the input CSV

Splunk version and Enterprise Security App

Remove SA-EVENTGEN Data

Internal Log Errors - copyresults

Download Splunk App for Enterprise Security 2.2.0 ES

GeoIP not working within ES Suite

Splunk App for Enterprise Security

Stash Files contain binary data

Is there an easy way to close out 150K+ incident events?

Enterprise Security App

ESS1.1.2 lookup failing

how can i try this app?

Can Splunk be used as a Complex Event Processor (CEP)?

PCI Compliance 11.5 - Monitoring files for changes

ES2 app installer not finding 2.0.2

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

incident_review migration to new splunk enterprise...

What is the retention period for summaries generat...

Why the System Center does not show data from Wind...

Adding key indicator search to custom dashboard in...

How to send only not suppressed notable from Splun...