Splunk Enterprise Security

Discussions

Thread Info

Why is my server skipping a lot of accelerated searches?

One of my servers is skipping a lot of accelerated searches, like 80% per each hour. I've got Splunk Enterprise Secur...

by Contributor in

How to control POSIX Identity Lookup done by Linux Auditd app?

Hi, We use Linux Auditd app in our environment in conjunction with Splunk Enterprise Security (ES). Is there a way...

by Builder in

Splunk Enterprise Security: Why is the alert "Activity from an expired identity" getting triggered when no identities have expired?

I have populated identities.csv on Splunk Enterprise Security and enabled the alert of "Activity from an expired iden...

by Communicator in

Splunk Enterprise Security: Why am I receiving error "The correlation search...has no corresponding saved searches stanza"?

Hi, I received this messages error : The correlation search XXXX in app "SplunkEnterpriseSecuritySuite" has no cor...

by Explorer in

Splunk Enterprise Security: Receiving errors ""A script exited abnormally" input=".\bin\xxxx.py" stanza="default" status="exited with code 1"". How to resolve?

Hi I keep receiving this error message from Splunk Enterprise Security (ES) on my custom python application, thoug...

by Explorer in

How to edit my search to use eval variables in subsearches

Hello Splunk experts, Stuck trying to get something working and hoping one of you experts can point me in the righ...

by Path Finder in

Splunk Enterprise Security: Why am I getting threat list "download has failed" errors?

Hi Folks, We are working on getting our Splunk Enterprise Security environment working properly and have it mostly...

by Explorer in

sendmail transactions prior to data model ingestion in enterprise security

When using enterprise security protocol intelligence dashboards, how do you build a complete email transaction log (e...

by Communicator in

Splunk Enterprise Security: Can you provide a function which returns a string in an if statement?

Can you provide a function which returns a string in an if statement? For example: if(src=="-" OR src=="127.0.0.1...

by Communicator in

Splunk Enterprise Security: If an analyst added a notable event to an investigation, how does another analyst open that notable event to review it?

If an analyst has added a notable event to an investigation, how does another analyst open that notable event to revi...

by Communicator in

Add intelligence to file_intel

Is there a way to use lookups to add threat intelligence to the non-network based intelligence stores, such as file_i...

by Communicator in

Forward syslogs with correct sourcetypes

I have logs coming from different sources like juniper IDS, cisco firewall, bluecoat proxy, nessus etc. Currently I h...

by Explorer in

What is the best way to find and group unknowingly related events that occur together?

Hi Folks, I'm indexing log events en mass... and I know that I have events that always occur together and within t...

by Explorer in

How to assign a Category and Priority for Splunk Enterprise Security using ldapsearch?

Hi I'm trying to create a Identity Lookup for Splunk Enterprise Security. I have a users from Group and OU's which...

by Builder in

Why is Incident Review not working after upgrade of CIM and Splunk Enterprise Security to 4.1.1?

Incident review is not working after Splunk ESS 4.1.1 and CIM Upgrade. Also checked for data sources and their re...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Why is my server skipping a lot of accelerated searches?

How to control POSIX Identity Lookup done by Linux Auditd app?

Splunk Enterprise Security: Why is the alert "Activity from an expired identity" getting triggered when no identities have expired?

Splunk Enterprise Security: Why am I receiving error "The correlation search...has no corresponding saved searches stanza"?

Splunk Enterprise Security: Receiving errors ""A script exited abnormally" input=".\bin\xxxx.py" stanza="default" status="exited with code 1"". How to resolve?

How to edit my search to use eval variables in subsearches

Splunk Enterprise Security: Why am I getting threat list "download has failed" errors?

sendmail transactions prior to data model ingestion in enterprise security

Splunk Enterprise Security: Can you provide a function which returns a string in an if statement?

Splunk Enterprise Security: If an analyst added a notable event to an investigation, how does another analyst open that notable event to review it?

Add intelligence to file_intel

Forward syslogs with correct sourcetypes

What is the best way to find and group unknowingly related events that occur together?

How to assign a Category and Priority for Splunk Enterprise Security using ldapsearch?

Why is Incident Review not working after upgrade of CIM and Splunk Enterprise Security to 4.1.1?

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

How can I automatically and evenly assign notables...

Risk-Based Alerting FAQs

threat intelligence upload not working too

Splunk Enterprise Security - permissions issue

Splunk Enterprise Security Install Error In Deploy...