Splunk Enterprise Security

Discussions

Thread Info

Fine-tuning Enterprise Security?

Hello everyone! I'm looking for assistance with fine-tuning Enterprise Security. I've been working hard with conf...

by Builder in

How to tune search for detection of DNS tunnels rule

I need help on how I can tune the search below. It creates too much noise. I will like to know what steps I can use t...

by New Member in

How to find out which data model a particular app maps to?

How do I find out which data model a particular app "maps" to? Specifically the Cisco security suite ... I see ...

by Engager in

Upgrading Enterprise Security in search head cluster

Hi, I'm having an issue with my deployer and search head cluster while upgrading enterprise security. In step 8...

by Path Finder in

invalid key for param.default_disposition on Splunk ES 6.6.0

I recently installed brand new Splunk 8.2.2, then installed Splunk ES 6.6.0 on it, after Splunk ES installed and conf...

by Engager in

Different Search Results From Two Macros With Same Contents

Hello everyone. I'm looking for some assistance with a problem where I get differing search results from what should ...

by Explorer in

How to automatically assign a recent random notable to a specific user

Hello, I would like to assign random new "unassigned" notables to a specific user. I wanted to accomplish this vi...

by Path Finder in

Different results for same search on same search head for rest call or save search.

Hello there, I get different results when I run a rest call. For example I ran a rest command to bring all the dashbo...

by Explorer in

Threat Artifacts setting

Hello Splunkers, is there any way to change that red box name as a test?? Thank you in a...

by Path Finder in

check traffic -RDP connections

Helloany ideas how can i check rdp attempts or connections in Splunk? many thanks

by Explorer in

Merging identity lookups fails

Hi Splunkers, I have an issue merging two identity lookup files on ES. In particular, my first lookup file has rows...

by Explorer in

Network Resolution (DNS) data model doesn't have any data in it

Hello all, I am trying to get some DNS data into my Network Resolution (DNS) datamodel. I currently ingest DNS ...

by Path Finder in

Splunk 8.0 ES

Hi all, I am having huge problem with ES on splunk v8.0 . I upgraded my instance and when i have tried to upgra...

by Contributor in

Export Splunk Enteprise Security and move app to another server

Hello everyone, I have read the documentation about exporting Splunk ES content as an app: https://docs.splunk.co...

by Communicator in

How can I run a search that shows the time notable events were created, were assigned and then closed in ES?

Hi, I am trying to figure out a way in which i can display the creation time of notable event, the time it was assi...

by Path Finder in

is there a way to find out when a correlation search was created in Splunk ES ?

I was able to find the date when the correlation search was last updated, but cant seem to find the original creation...

by Path Finder in

Threat intelligence issue

After reviewing the Intelligence Audit Events, the following error message shows up, it seems that the feed cannot wr...

by Loves-to-Learn Lots in

How do I create a list of indexes (internal & non-internal) used by users - am getting performance errors for admin role

I am getting performance errors on the ES reg. many indexes used by users, specially the admin role. Any SPLs or dire...

by Builder in

Enterprise Security - Mitre Metrics

When I configure a correlation search with an Annotation of MiTRE ATT&CK and create a notable, I don't see any eviden...

by Explorer in

How do I find list of assets or servers "exceeding the field limits set in the asset & identity management page" Thx

On ES am getting warning messages the " two assets are exceeding the field limits set in the asset & identity managem...

by Builder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Fine-tuning Enterprise Security?

How to tune search for detection of DNS tunnels rule

How to find out which data model a particular app maps to?

Upgrading Enterprise Security in search head cluster

invalid key for param.default_disposition on Splunk ES 6.6.0

Different Search Results From Two Macros With Same Contents

How to automatically assign a recent random notable to a specific user

Different results for same search on same search head for rest call or save search.

Threat Artifacts setting

check traffic -RDP connections

Merging identity lookups fails

Network Resolution (DNS) data model doesn't have any data in it

Splunk 8.0 ES

Export Splunk Enteprise Security and move app to another server

How can I run a search that shows the time notable events were created, were assigned and then closed in ES?

is there a way to find out when a correlation search was created in Splunk ES ?

Threat intelligence issue

How do I create a list of indexes (internal & non-internal) used by users - am getting performance errors for admin role

Enterprise Security - Mitre Metrics

How do I find list of assets or servers "exceeding the field limits set in the asset & identity management page" Thx

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup

How to set Notable Event Status Via Search?

How to list data models and verify they are functi...

ES Upgrade and OT for Security Add-on

When bringing in assets and identities to Splunk E...

How do I resolve error "KV Store is initializing. ...