Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do I search for rogue Server added to my environment including info about the Hacker(s)

by Builder in

firewall use cases

hi All, Pls could you share any links or document's for firewall usecases. Thanks in advance 

by Path Finder in

no latest update for ESCU

I saw on https://docs.splunk.com/Documentation/ESSOC/3.23.0/RN/Enhancements, there is 3.23 latest version for ESCU, b...

by Engager in

Find difference in days between today and another date

Hi, I have a creation_date field that has date format 2019-06-21 10:18:00 and then i created a field for today's da...

by Path Finder in

Risk Based alerting in SPLUNK ES

I want to enable risk based alerting as a part of threat hunting.Usecase- lf a malicious file is transmitted, risk sc...

by Loves-to-Learn Lots in

How to convert hours into days

Hi, I have the following duration format that i'd like to convert into days. Initial Format Desired...

by Path Finder in

Splunk ES Notable events not getting triggered

Hello Everyone, I'm trying to use Splunk ES feature for AWS cloudtrail data. I'm using default main index for cloudtr...

by Engager in

How to combine two fields values into one

Hi, I have the following table: status count CANCELLED ...

by Path Finder in

Correlation searches scheduling to overcome downtimes and event delays

Hello, Hello, Any suggestions on how to configure the correlation search schedule in a way that will not ...

by Observer in

Threatlist scheme error - unable to initialize modular input

Hello, There is an error "unable to initialize modular input "threatlist"" and it's blocking all the Threat Intel f...

by Explorer in

Does Splunk automatically tag identities with watchlist?

We recently had Splunk PS help set up ES in our environment, but all of the managed look-ups the PS person created no...

by New Member in

Splunk Event Log is Gibberish

I'm using Splunk for Snort and I'm finding that Splunk is interpreting the Snort logs as gibberish, see below. Any id...

by New Member in

non-owner mailbox access for Microsoft Exchange

we have one audit point that non owner users like domain admin, exchange admin's are opening other's mailboxes and th...

by Communicator in

How to ignore unknown objects in Risk adaptive response?

Hi, There're some incidents hit my threat intelligence IP, e.g. dest. That's why Threat Activity notable event is t...

by Explorer in

Notable events ES

Hi Folks, I have one question, it's possible add an response action when the notable event change status? Example...

by Motivator in

Omit IP addresses from SPL

What is the best way to omit internal IPs within this SPL? There are a lot of internal source IP hits that come up wh...

by Engager in

How can we track changes made in Correlation searches??

I want to create a scheduled search that will track the changes made in content under Splunk Enterprise security app....

by Explorer in

Why does latest version of ES CU app indicates exploring Analytical Stories through ES or Sec Essentials App ?

Just downloaded the latest version of ES Content Update app and noticed the following message: ...

by Contributor in

How to properly map windows Endpoint DataModel with Windows logs?

Hello team: i am working on Splunk Endpoint Data Model and i have windows audit logs in splunk. My concern is if i we...

by Path Finder in

Separate ES App "Incident Review Dashboard"

Hey Splunkers, any possibility of having 2 separate incident review dashboard - 1st for production usecase - 2n...

by Path Finder in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Enterprise Security

Discussions

How do I search for rogue Server added to my environment including info about the Hacker(s)

firewall use cases

no latest update for ESCU

Find difference in days between today and another date

Risk Based alerting in SPLUNK ES

How to convert hours into days

Splunk ES Notable events not getting triggered

How to combine two fields values into one

Correlation searches scheduling to overcome downtimes and event delays

Threatlist scheme error - unable to initialize modular input

Does Splunk automatically tag identities with watchlist?

Splunk Event Log is Gibberish

non-owner mailbox access for Microsoft Exchange

How to ignore unknown objects in Risk adaptive response?

Notable events ES

Omit IP addresses from SPL

How can we track changes made in Correlation searches??

Why does latest version of ES CU app indicates exploring Analytical Stories through ES or Sec Essentials App ?

How to properly map windows Endpoint DataModel with Windows logs?

Separate ES App "Incident Review Dashboard"

How to put Limit on "edit Selected" option for the...

Is throttling based on trigger time? How do we dec...

What should be the source type for AWS KMS logs to...

Single Enterprise Security searchhead cluster conn...

Trying to set default disposition of a notable cor...