Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
Stanley_Learn
How can I retrieve the file name was uploaded/shared in any collaboration tool excluding the ones generating by the a...
by Stanley_Learn Loves-to-Learn Lots in Splunk Enterprise Security 07-03-2023
0 6
0
6
deodeshm
Where can I see ES content searches performance in terms of avg. time taken to run a particular correlation rule or s...
by deodeshm Explorer in Splunk Enterprise Security 06-21-2023
0 1
0
1
MJA411
Hello! I am trying to exclude a specific computer_name from showing up in our carbonblack index in Splunk using a Hea...
by MJA411 Explorer in Splunk Enterprise Security 06-09-2023
0 10
0
10
goji
There are two selection "enable to risk index" and "enable to test index" from Content Management view, but these two...
by goji Path Finder in Splunk Enterprise Security 06-08-2023
2 0
2
0
Araton71
I'm a newbe and I try to configure Security Essential to search "net user /DOMAIN"  discovery on my  AD server. I've ...
by Araton71 Explorer in Splunk Enterprise Security 06-07-2023
0 2
0
2
b3hnam
Hello friends. I had a question for you I wanted to see how I can convert an alert in Splank to IODEF format?
by b3hnam New Member in Splunk Enterprise Security 06-01-2023
0 1
0
1
szabados
Some users reported that the investigations functionality is not available for them in the Enterprise Security app. W...
by szabados Communicator in Splunk Enterprise Security 05-31-2023
0 2
0
2
Sven
Thanks in advance for your time and assistance. I have a Splunk Enterprise Security correlation search intended to tr...
by Sven Engager in Splunk Enterprise Security 05-24-2023
0 2
0
2
BestestCohen
Hi all.I have recently started working on my workplace's Splunk and I got a request - to display all alerts that has ...
by BestestCohen New Member in Splunk Enterprise Security 05-23-2023
0 3
0
3
stuartmcintosh
Used a search from the Splunk Risk Framework page: http://dev.splunk.com/view/enterprise-security/SP-CAAAFBD Search:...
by stuartmcintosh New Member in Splunk Enterprise Security 05-22-2023
0 9
0
9
chris
Hi, How can I configure a Correlation Search in ES to add risk to 2 objects (src & dest)? I can only configure a Ad...
by chris Motivator in Splunk Enterprise Security 05-22-2023
0 7
0
7
jetmirhoxha29
Version of Splunk DB Connect 3.13.0 is only supported for splunk 9.0 and older version 8.2 or 8.1 is there any soluti...
by jetmirhoxha29 New Member in Splunk Enterprise Security 05-19-2023
0 1
0
1
teresachila
In ES 6.6.x and higher, what is the meaning of "Parse Domain from URL" under the Global Setting of Threat Intelligenc...
by teresachila Path Finder in Splunk Enterprise Security 05-18-2023
0 1
0
1
bluewizard
I have set up my intel download however when i run `http_intel` multiple IOC/values are grouped into a single row.  H...
by bluewizard Explorer in Splunk Enterprise Security 05-18-2023
0 4
0
4
claxpum0n
Hey everyone, I've looked around for a little and but was trying to find out if there was a way to backup and do vers...
by claxpum0n New Member in Splunk Enterprise Security 05-17-2023
0 3
0
3
stewlarsen
I am trying to pull up the Risk Event Timeline for a Risk Notable in my Incident Review Dashboard.   Every time I cli...
by stewlarsen New Member in Splunk Enterprise Security 05-17-2023
0 5
0
5
VK18
Hi All,We have installed Splunk Enterprise Security 7.0.1 and OT for security add-on on it, and we would like to upgr...
by VK18 Explorer in Splunk Enterprise Security 05-16-2023
0 0
0
0
gf13579
It looks like Sophos' approach to SIEM integration when using Sophos Central (their cloud management offering) is to ...
by gf13579 Communicator in Splunk Enterprise Security 05-15-2023
0 11
0
11
Miguel3393
Hello, I have a lookup table with numbers, where it checks the numbers that match the error_code 11. index="cdrs" "er...
by Miguel3393 Path Finder in Splunk Enterprise Security 05-09-2023
0 1
0
1
gg74
What is the best way to deal with building searches and alerting in a Hyper-V environment in which VMs pull MAC addre...
by gg74 Engager in Splunk Enterprise Security 05-09-2023
0 3
0
3
Miguel3393
Hello,I have a lookup table with numbers, where it checks the numbers that match the error_code 11.index="cdrs" "erro...
by Miguel3393 Path Finder in Splunk Enterprise Security 05-05-2023
0 5
0
5
rphillips_splk
The ES Incident Review page still lists deleted Correlation Searches Names in the Multiselect box "Correlation Search...
by rphillips_splk Splunk Employee Splunk Employee in Splunk Enterprise Security 05-05-2023
3 5
3
5
vinoth_raj
Hi folks,[Current scenario]When a role is created with capabilities, I am receiving one event for the role creation a...
by vinoth_raj Path Finder in Splunk Enterprise Security 05-04-2023
0 3
0
3
harshanagaraj
I would like to figure out a way to update an existing notable event via a rest api. I would specifically like to kno...
by harshanagaraj Explorer in Splunk Enterprise Security 05-04-2023
1 13
1
13
Raj
Hi,I was wondering how we could download  the specific notables  into csv or text format from incident review panel i...
by Raj Builder in Splunk Enterprise Security 05-02-2023
0 2
0
2
Get Updates on the Splunk Community!

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...

Build and Launch AI Agents from Your Splunk Workflows

  Register We’ve all been there: juggling alerts, runbooks, and endless manual searches. What if you could ...

Splunk Cloud Application Management in Terraform

Register   On Tuesday, August 4 at 11AM PDT / 2PM EDT, we’re diving into how you can bring Infrastructure as ...