Splunk Enterprise Security

Community Activity
NotWilko
Hello all! I am attempting to dynamically add 'Next Steps' to a notable event based off a lookup table in my Correlat...
by NotWilko Engager in Splunk Enterprise Security 07-27-2023
1 0
pbdiggins
Hey Splunk People,   I'm running a search against a CSV file: |inputlookup "GSOCdata_230717.csv" | fields source_addr...
by pbdiggins Explorer in Splunk Enterprise Security 07-24-2023
0 3
Issac08
Hi All, are there any demo sites which show the SIEM dashboard?
by Issac08 New Member in Splunk Enterprise Security 07-22-2023
0 2
code_assassin
Hello Splunkies,  Having some issues with getting ES dashboards to populate...  Query for Network Traffic Dashboard t...
by code_assassin Explorer in Splunk Enterprise Security 07-20-2023
0 2
Splunk_Comm_1
Does Splunk have any predefined or pre-existing or canned Event Sequences already built - and essentially ready to be...
by Splunk_Comm_1 New Member in Splunk Enterprise Security 07-20-2023
0 1
abi2023
When I try to open ES incident review I am getting an error saying "KV Store is initializing. Please try again later."...
by abi2023 Path Finder in Splunk Enterprise Security 07-20-2023
0 1
sidtalup27
Hello, I would like to know about the pricing details for Splunk Enterprise Security. Can anyone share the details? Tha...
by sidtalup27 Explorer in Splunk Enterprise Security 07-20-2023
0 2
ravida
Hi folks, I created a correlation search that looks for administrators setting passwords to never expire, which then ...
by ravida Explorer in Splunk Enterprise Security 07-20-2023
0 2
inventsekar
Hi All..  As you may be aware of Splunk's Security Content.. for example, for linux user creation https://research.sp...
by inventsekar SplunkTrust in Splunk Enterprise Security 07-20-2023
0 3
Sven1
Thanks in advance for your time and assistance.  Can someone please tell me how to generate a list of configured, pro...
by Sven1 Path Finder in Splunk Enterprise Security 07-17-2023
0 1
a88arun
I want to get the result of  'AccessControlRuleName' in a separate field set using REGEX. Sample log:"AccessControlRu...
by a88arun New Member in Splunk Enterprise Security 07-17-2023
0 2
hoangpt
Hello, I have some issues regarding changing the configuration of Splunk Enterprise Security. My system consists of 5 ...
by hoangpt Explorer in Splunk Enterprise Security 07-17-2023
1 3
code_assassin
Hello Splunkers, I recently deployed ES and went through a "proper" installation. I'm running into an issue with mos...
by code_assassin Explorer in Splunk Enterprise Security 07-17-2023
0 3
lpoko
Does Splunk Enterprise provide any API to retrieve or modify Incidents by RestAPI? Example: Get Incident information C...
by lpoko Engager in Splunk Enterprise Security 07-17-2023
0 1
Raj
Hi, my CS is not raising alerts when I search index=_internal sourcetype=scheduler "xyz- CS" log_level=INFO 07-14-2...
by Raj Builder in Splunk Enterprise Security 07-17-2023
0 0
innoce
Hi, I have a list of domains in a lookup and I need to exclude it from my query | tstats summariesonly=true allow_old_su...
by innoce Path Finder in Splunk Enterprise Security 07-04-2023
0 1
jhy
Hi Splunker, When creating or editing a new Correlation Search, the items of "Adaptive Response Actions" do not appea...
by jhy Observer in Splunk Enterprise Security 07-04-2023
0 2
Raj
Hi, how can we effectively search for fields containing null values in the index, in order to limit license entitlemen...
by Raj Builder in Splunk Enterprise Security 07-04-2023
0 2
lmmills
When bringing in assets and identities to Splunk ES via an input is there any value in separating the lookups by doma...
by lmmills Explorer in Splunk Enterprise Security 07-04-2023
0 1
splunkbunk
Hi All, Recently a question came up about notifying a client on high urgency notable events. I want to send out an au...
by splunkbunk Explorer in Splunk Enterprise Security 07-04-2023
0 1
thahir
Hi Team,   We are getting the below error while installing the Enterprise security App    failed to extract app from ...
by thahir Contributor in Splunk Enterprise Security 07-04-2023
0 1
JLopez
Hi Guys, we use enterprise security and we have configured asset and identity list. From the global option "Asset and...
by JLopez Explorer in Splunk Enterprise Security 07-04-2023
0 1
SushmaK
How can I get a list of disabled or enabled correlation searches in last 7 days? As of now, I have a query to fetch th...
by SushmaK New Member in Splunk Enterprise Security 07-04-2023
0 3
Stanley_Learn
How can I retrieve the file name that was uploaded/shared in any collaboration tool excluding the ones generated by the a...
by Stanley_Learn Loves-to-Learn Lots in Splunk Enterprise Security 07-03-2023
0 6
deodeshm
Where can I see ES content searches performance in terms of avg. time taken to run a particular correlation rule or s...
by deodeshm Explorer in Splunk Enterprise Security 06-21-2023
0 1