Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Threat_Intelligence.Threat_Activity- How can I configure these fields "orig_sourcetype" ?

Hi, I use Splunk Enterprise Security with Threat Intelligence framework. Splunk creates many notables 'Threat A...

by Engager in

Detected deprecated Threat Intelligence Manager inputs- Do I have to completely remove the inputs?

Hello, I am recieving the following warning on my alerts: Health Check: Detected deprecated Threat Intelligence...

by Path Finder in

ES Threat Intelligence Download with POST argument

I set up an Intelligence Download for https://threatfox-api.abuse.ch/api/v1 to use with the POST argument. However I...

by Path Finder in

Will Splunk notables reflect with delay in timestamp on incident dashboard when they moved from "Dev" to "Prod"stage?

Hi, Good day to you! I quickly wanted to understand whether the Splunk notables will reflect with delay in time...

by New Member in

Need urgent help to filter out logs

Hi, Splunk which I am currently using has all of a sudden increased the log size consumption which has led to my li...

by Explorer in

Regex help to grab a process

So I have some data like below in my _raw: Name: BES Client, Running as: LocalSystem, Path: ""C:\Program Files (x86...

by Explorer in

How to add Data Transfers to Dashboard?

I'd like to build a search targeting media transfers and add it to my dashboard. Using the index of the security l...

by New Member in

Create investigation in ES using SPL outputlookup command?

Hi Everyone I am trying to create an investigation in ES using SPL. Since ES is most work as lookup/kvstore, s...

by Communicator in

Why is Splunk ES missing notable events?

Hi Good morning.We have a SH cluster and Indexer cluster. we have received a complain from SOC analyst some of notabl...

by Explorer in

How can we track changes made in correlation searches?

I want to create a scheduled search that will track the changes made in content under Splunk Enterprise security app....

by Explorer in

How to set up Splunk_SA_CIM- error keeps popping up?

I am currently trying to set up the Splunk_SA_CIM application but it displays "An error occurred fetching assets. Ple...

by Explorer in

Enabled Correlation Search not running?

I have enabled several correlation searches in ES. Those search run normally and return result as expected if I searc...

by Loves-to-Learn Lots in

Azure: Is there a way Splunk, by default, extracts the fields from nested JSON logs?

Hi All, Is there a way Splunk by default to extracts the fields from nested JSON logs? Right now Splunk is parsing...

by New Member in

SplunkES -Data Enrichment - Asset and Identity Management- How does the content update work?

The changes of the data source are not immediately reflected and some old information remains for several minutes. ...

by Explorer in

How can I add Spamhaus Datasets for Splunk?

hello sir How i add spamhaus dataset in splunk ,??? any guide or process?? please help i already ...

by Observer in

How to convert String to Integer search?

Hi team, I have "file_size" in my extracted fields and the values are 1.56 KB,5.03 MB, 1.06 B. and those values a...

by Path Finder in

What is the Splunk pricing annually for dealing 10 GB data per day?

I want to know the splunk cost annually for dealing 10 GB data per day

by New Member in

Collect command does not work for a certain source in an index?

As mentioned in the title above, collect command is not able to add an event to a source of an index. The collect com...

by Engager in

Splunk jobs not completing- Why are they running at over 100%, some as high as over 150%?

Hey everyone! Has anyone ever experienced jobs running over 100%, sometimes as high as 150%/160% and not completin...

by Observer in

How do I delete reports created by Splunk Enterprise Security?

Hello, I wanted to ask if there was a way I can delete reports created by Enterprise Security? There are reports c...

by Explorer in

Splunk ES Drill-Down- How do I receive 2 separate notable alerts?

I created the following correlation alerts in ES with Notable Index=fw (dest_ip=1.2.3.4 OR dest_ip=1.2.3.5) The...

by Loves-to-Learn in

More Enterprise Security Correlation Search Variable Substitution for Contributing Events- Is there documentation?

As in previous posts I am talking about using variables or tokens in the Contributing Events part of enterprise secur...

by Explorer in

Is there a drill down search variable substitution?

Hi I have two questions here 1.In the drill down search i have given dest=$dest$ and it is not working and wh...

by Path Finder in

How to know the correlation search query and time range conditions for two of these use cases?

Please let me know the correlation search query and time range conditions for two of these usecases. I have windows p...

by Engager in

How to make Splunk ES override urgency changes?

Hi all, I have a correlation search that passes alerts from another system into ES and I need to prevent the urgen...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Threat_Intelligence.Threat_Activity- How can I configure these fields "orig_sourcetype" ?

Detected deprecated Threat Intelligence Manager inputs- Do I have to completely remove the inputs?

ES Threat Intelligence Download with POST argument

Will Splunk notables reflect with delay in timestamp on incident dashboard when they moved from "Dev" to "Prod"stage?

Need urgent help to filter out logs

Regex help to grab a process

How to add Data Transfers to Dashboard?

Create investigation in ES using SPL outputlookup command?

Why is Splunk ES missing notable events?

How can we track changes made in correlation searches?

How to set up Splunk_SA_CIM- error keeps popping up?

Enabled Correlation Search not running?

Azure: Is there a way Splunk, by default, extracts the fields from nested JSON logs?

SplunkES -Data Enrichment - Asset and Identity Management- How does the content update work?

How can I add Spamhaus Datasets for Splunk?

How to convert String to Integer search?

What is the Splunk pricing annually for dealing 10 GB data per day?

Collect command does not work for a certain source in an index?

Splunk jobs not completing- Why are they running at over 100%, some as high as over 150%?

How do I delete reports created by Splunk Enterprise Security?

Splunk ES Drill-Down- How do I receive 2 separate notable alerts?

More Enterprise Security Correlation Search Variable Substitution for Contributing Events- Is there documentation?

Is there a drill down search variable substitution?

How to know the correlation search query and time range conditions for two of these use cases?

How to make Splunk ES override urgency changes?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Splunk ES threat feeds empty

Palo Alto apps and add-ons for splunk

Dashboard PNG schedule export setting is not viewa...

Incident_updates_lookup not updating urgency and r...

Create Investigation SOAR

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!