Splunk Enterprise Security

Discussions

Thread Info

How to create separate incident review dashboard for different team.

Dear All, Please suggest how to create separate incident review dashboard for different team.OR How the notable wil...

by Loves-to-Learn Everything in

Splunk Security Essentials

I've downloaded the splunk security essential files all into my laptop, but I can't figure out how to upload into int...

by New Member in

need spl into datamodel search

Hi,Need below search into a web datmodel search index=es_web action=blocked host= * sourcetype= *| stats count by cat...

by Builder in

Need changes to the datamodel search

Hi, I aimed to merge the "dropped" and "blocked" values under the "IDS_Attacks.action" field in the output of the d...

by Builder in

Reduce the noise out of Security EventCodes..

Hi,I'm trying to reduce the noise out of these EventCodes which we can exclude in the enterprise security point of vi...

by Builder in

How to create query for showing when was a Notable alert assigned and calculate SLA based off that?

Hi, I need to report on when a Notable alert was changed from the default "unassigned" status to " Acknowledged" stat...

by Builder in

Splunk time parse

Hi, Splunk usually takes the log time event (_time) and parse it to: date_hour, date_mday, date_minute, date_mon...

by Path Finder in

Splunk Enterprise Security Devices support

Dears How to find out what Devices (Switch, Router, etc.), operating systems (Windows, linux, MacOs, etc.), applica...

by Observer in

Developing reliable searches dealing with events indexing delay

Hello everyone, I am concerned about single-event-match (e.g. observable-based) searches and the eventual indexing ...

by Explorer in

Endpoint Correlation Searches.

We are in the process of deploying our endpoint logging strategy. Right now, we are using CrowdStrike as our EDR. As ...

by Explorer in

How do I solve ES Error: Cannot read properties of undefined (reading 'value')?

Hello together, I installed in Splunk Single Instance Deployment with version 9.0.4 the Splunk ES 7.11 via CLI. ...

by New Member in

Adding Additional fields to notable events

I am pretty new to ES correlation seraches and I am trying to figure out how to add additionals fields to notable eve...

by Explorer in

Splunk Enterprise Security - permissions issue

A user is unable to access investigations in Enterprise Security (version ES 7.1.1) on Splunk Cloud (Splunk 9.0.2) . ...

by Explorer in

接入日志的最大数量

想了解下，SPlunk 单台服务器，最多可以接入多大的数据量 ，可以给工

by New Member in

Risk Analysis Dashboard - Risk Modifiers by Annotations

Hello: I recently started playing with the Risk framework, RBA etc. Most of my Risk Analysis dashboard is working w...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How to create separate incident review dashboard for different team.

Splunk Security Essentials

need spl into datamodel search

Need changes to the datamodel search

Reduce the noise out of Security EventCodes..

How to create query for showing when was a Notable alert assigned and calculate SLA based off that?

Splunk time parse

Splunk Enterprise Security Devices support

Developing reliable searches dealing with events indexing delay

Endpoint Correlation Searches.

How do I solve ES Error: Cannot read properties of undefined (reading 'value')?

Adding Additional fields to notable events

Splunk Enterprise Security - permissions issue

接入日志的最大数量

Risk Analysis Dashboard - Risk Modifiers by Annotations

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

How can I automatically and evenly assign notables...

Risk-Based Alerting FAQs

threat intelligence upload not working too

Splunk Enterprise Security - permissions issue

Splunk Enterprise Security Install Error In Deploy...