Splunk Enterprise Security

Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Matilda

Is it possible that logs get duplicated between Splunk Enterprise and Splunk Enterprise Security?

Hi! I want to know if is possible to get duplicated ingestion of logs between Splunk Enterprise and Splunk enterprise...
by Matilda Explorer in Splunk Enterprise Security 01-12-2023
0 4
0
4
user2020dy

How to customize Threat Activity dashboard by adding new fields?

Hello!I am experiencing troubles with analyzing Threat Intelligence data in Enterprise Security.  When I go to Securi...
by user2020dy Path Finder in Splunk Enterprise Security 01-11-2023
1 1
1
1
MagicVisitor

How to create Splunk alert to detect unauthorized certificate usage?

Hi, I am trying to extract a new field to spot unauthrorised certificate usage on a server.  Under event ID 4768, the...
by MagicVisitor New Member in Splunk Enterprise Security 01-08-2023
0 0
0
0
RickvdIJ

Why is Threat Intelligence not correctly parsing and automatically setting to STIX parsing?

Hi all, Within Splunk ES I've configured a test threat intelligence feed with the following settings: New > Line orie...
by RickvdIJ Explorer in Splunk Enterprise Security 01-06-2023
0 2
0
2
creiglow

How can I change Threat intelligence setting the default time that the removal process runs for threat sources?

In the documentation at https://docs.splunk.com/Documentation/ES/7.0.2/Admin/Changethreatintel under  Review the logi...
by creiglow Explorer in Splunk Enterprise Security 01-06-2023
0 1
0
1
k115

Web application firewall use case: How to find top targeted domain on my domain?

Hi Team,I am working on web application firewall related use case, I wanna find out top targeted domain on my domain....
by k115 Engager in Splunk Enterprise Security 01-06-2023
0 1
0
1
vpsmax1

How to add new field to existing CIM data model?

Hello. Using the eval function, trying to add a new field to the Change data model.  When I try to add the new field ...
by vpsmax1 Loves-to-Learn in Splunk Enterprise Security 01-06-2023
0 3
0
3
hperez

Where can I view created notable alert suppression entries in ES?

Hello, Where can I view notable alert suppression entries in ES? I'm looking for a way to not only audit these entrie...
by hperez Explorer in Splunk Enterprise Security 01-06-2023
0 4
0
4
balu1211

How to reduce notable events that correlation search has generating?

Hi, I have created an advance threat protection incidents  Correlation Search which is   generating notable events ho...
by balu1211 Path Finder in Splunk Enterprise Security 01-06-2023
0 1
0
1
sekhar463

Is there customization required for Salesforce integration with Splunk for below case?

Hello experts, I am trying to integration salesforce cloud modules into splunk for security monitoring. Does anyne ha...
by sekhar463 Path Finder in Splunk Enterprise Security 01-06-2023
0 0
0
0
rajwdc

Salesforce splunk integration- Why don't we see any logs?

We are configuring salesforce splunk integration in our salesforce sandbox. We followed the documentation provided by...
by rajwdc New Member in Splunk Enterprise Security 01-06-2023
0 1
0
1
sajohnson6

How do I stop Multiple Analysts from grabbing the same event?

We have several analysts in multiple locations that are working from the same Incident Review channel.  After someone...
by sajohnson6 Explorer in Splunk Enterprise Security 01-04-2023
0 0
0
0
Doreluss

Is there a way to search for updated DAT and AMCORE files in Splunk ?

Is there a way to search for updated DAT and AMCORE files in Splunk ?
by Doreluss Loves-to-Learn Lots in Splunk Enterprise Security 01-04-2023
0 0
0
0
hettervik

Why do we get errors on the REST command in the Investigation Overview dashboard on Splunk ES?

Hi, After upgrading to Splunk ES version 6.0.0 we got the Investigation Overview dashboard, but we have some problem...
by hettervik Builder in Splunk Enterprise Security 01-04-2023
0 3
0
3
Doreluss

Is there a way to get alerts when routers or switches go down on your network or any endpoint?

Is there a way to get alerts when routers or switches go down on your network or any endpoint?    V/R SD
by Doreluss Loves-to-Learn Lots in Splunk Enterprise Security 01-03-2023
0 1
0
1
Doreluss

SPLUNK ADD-On For Network Infrastructure is now end of life- Is there any other way to monitor network devices?

Good evening everyone.... Being that the Splunk ADD-ON for Infrastructure is now end of life is there any other way t...
by Doreluss Loves-to-Learn Lots in Splunk Enterprise Security 01-03-2023
0 0
0
0
nagar57

Change python version from 2.7 to 3.7 at script level

I am using Splunk 8.0.8. I have python versions 2.7 and 3.7 installed in $Splunk_Home/bin folder but all my python sc...
by nagar57 Communicator in Splunk Enterprise Security 12-28-2022
0 0
0
0
plimon

Sequence Template/Events Bug (not working) with Splunk ES version 5.2.2?

Hello Splunk Community, My organization has recently upgraded to Splunk ES 5.2.2. I have been trying to create a cus...
by plimon Explorer in Splunk Enterprise Security 12-27-2022
0 2
0
2
gcusello

lookup in suppression search

Hi at all,In Enterprise Security, I'm trying to customize a Suppression Rule inserting a lookup containing the ip add...
by SplunkTrust SplunkTrust in Splunk Enterprise Security 12-23-2022
0 2
0
2
Zaires

The following required arguments are missing: last_updated.

Hello,I am trying to add a data input to an app I created using Splunk Add-on Builder. I enabled checkpointing and sp...
by Zaires Observer in Splunk Enterprise Security 12-23-2022
0 0
0
0
davidem

Splunk Security Essentials - Mitre Map does not report each correlation search?

Hi Splunkers, I have a problem with the "Splunk Security Essentials" application. Currently, I have 34 activated corr...
by davidem Explorer in Splunk Enterprise Security 12-22-2022
0 1
0
1
umesh

Why is there an increase in security notables event count?

Hi Team,   I have created a notable in the Splunk ES and i received a notable and i analyzed the notable and i can se...
by umesh Path Finder in Splunk Enterprise Security 12-21-2022
0 2
0
2
OnderSentira

How to create Alert when event is ended

Hi,As soon as an event ends I want to create an alert and want to sent email with Shipment ID which is ended.Example ...
by OnderSentira Path Finder in Splunk Enterprise Security 12-20-2022
0 2
0
2
k115

How to gather total amount of traffic from the Radware DDOS app?

Hi guys,I have configured radware DDOS app into splunk,I want gather the total amount of traffic from the DDOS app in...
by k115 Engager in Splunk Enterprise Security 12-14-2022
0 0
0
0
soumyasaha25

What is the capability needed to view Adaptive responses section in incident review page on ES?

can someone point me to the capabilty that needs to be provided for ES users to be able to view Adaptive responses se...
by soumyasaha25 Contributor in Splunk Enterprise Security 12-14-2022
0 0
0
0
Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...
Top Solution Authors
View All