Splunk Enterprise Security

Discussions

Thread Info

IBM X-force Threat Intelligence feed integration with Splunk ES

Can some one please help if you have any document on how to integrate the IBM X-force Threat intelligence feed with S...

by Path Finder in

How to install a fresh install of Enterprise Security onto a search head cluster?

I'm trying to install a fresh install of Enterprise Security onto a search head cluster. I uploaded the app via t...

by Path Finder in

Upgrade UF forwarder plan from 6.5.1 to 8.0

Hi, I need to upgrade UF forwarder from version 6.5.1 to version 8.0; is possible do it immediatly or I must instal...

by Explorer in

How to make a report or a CSV file from a search result?

Hi, I want to make a report or a CSV file from a search result. However, the search result is more than 7 million....

by New Member in

token condition match

Hi, I have a parent panel which has below table panel Function NameSuccessFailureSLAgreet34513.5NGA43067.5Custome...

by Engager in

How to add a custom field in an asset table?

Hi, I have encoutered problem regarding adding a custom field to an asset table. I have followed a series of articles...

by Observer in

How to create dashboard that will closely monitor login activity of certain users and the IP address?

Hi, I need some help setting up a dashboard that will allow us to closely monitor login activity of certain users ...

by Observer in

Parsing epoch time: Why is there Enterprise Security ip_intel issue with time value?

Hi all, I would like some help related to the wrong time value in Threat Intelligence (KV Store Lookup ) "ip_intel...

by Observer in

Splunk generating multiple artifacts in phantom

Hello, We're facing an issue when events are forwarded from splunk to phantom, multiple artifacts are being genera...

by New Member in

Is there an ES alternative for the use case 'New Cloud API Call Per Peer Group'

Is there any Enterprise Security (ES) alternative of the use case 'New Cloud API Call Per Peer Group'?

by Engager in

How do I add a CIM Change Model and EventCode 4732 (A member was added to a security-enabled local group)

Running CIM 5.0 and was looking to do some reporting on users/groups added to security groups (information provided b...

by Engager in

Is it possible to auto-assign notables in Enterprise Security?

I have a team that wants specific notables to be automatically assigned to specific team members. Is this even possib...

by Engager in

Splunk Add-on for AWS - aws_description_tasks endpoint?

When trying to enable aws_description_tasks, I'm finding it in the logs that it is erroring out due to 'Connection re...

by New Member in

What does rt-5m@m to rt-65m@m time-range mean?

Hi Guys In Splunk ES there is correlation search "Excessive Failed Logins" which has time range set to latest=rt-5...

by Builder in

Splunk Security Announcement Page no longer available

Hi Team, We notice that the page below is no longer available. https://www.splunk.com/en_us/product-security/anno...

by Loves-to-Learn in

Can you help me create a usecase that will alert when a string of failed logins is followed by a successful login?

I'm trying to make a usecase where it will alert when there are several attempts of failed logins and one of them suc...

by Communicator in

邮件发送问题

配置了smtp域名，为什么报警邮箱收不到

by Observer in

How do I get Solarwinds data into Splunk with Syslog?

I would like retrieve data from Solarwinds when events trigger via Syslog. I know you can use the Solarwinds Splunk A...

by Path Finder in

Is there any way to add a custom time to a notable event in Splunk ES?

In Splunk ES we have correlation searches creating notable events. The timestamp of the notable event, and thus the t...

by Builder in

How to stop ingesting from 1 of 4 firewalls?

I need to stop ingesting from 1 of 4 of my firewalls. The path of our architecture is firewalls >>>syslog>>>>depl...

by Loves-to-Learn in

How to troubleshoot the Adaptive Response script not running?

Hello everyone, I have set an Adaptive Response Action (custom bash script) along with a Notable event on a simple...

by Communicator in

Which app(s) for Microsoft Windows Defender ATP?

I see 3 different apps from 3 different authors on splunkbase for Microsoft Windows Defender ATP ; which one is the o...

by Esteemed Legend in

Splunk Add on for Microsoft ATP Endpoint: Which add-ons are CIM ready?

I have setup Microsoft defender for endpoint inputs with many add on but It looks as though most of the add on are no...

by Loves-to-Learn Everything in

How to connect multiple instances of Cisco Firepowers to Splunk using eStreamer enCore

Hi, So, I have got 2 instances of Cisco Firepower management centers. I need to connect these 2 FMCs to our eStreamer...

by New Member in

Integration of EPM SaaS with SPLUNK- Which firewall port is used? and what is the volume of events?

1.Which firewall port is used for SPLUNK integration with EPM SaaS?2.Any idea about the volume of events received in ...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

IBM X-force Threat Intelligence feed integration with Splunk ES

How to install a fresh install of Enterprise Security onto a search head cluster?

Upgrade UF forwarder plan from 6.5.1 to 8.0

How to make a report or a CSV file from a search result?

token condition match

How to add a custom field in an asset table?

How to create dashboard that will closely monitor login activity of certain users and the IP address?

Parsing epoch time: Why is there Enterprise Security ip_intel issue with time value?

Splunk generating multiple artifacts in phantom

Is there an ES alternative for the use case 'New Cloud API Call Per Peer Group'

How do I add a CIM Change Model and EventCode 4732 (A member was added to a security-enabled local group)

Is it possible to auto-assign notables in Enterprise Security?

Splunk Add-on for AWS - aws_description_tasks endpoint?

What does rt-5m@m to rt-65m@m time-range mean?

Splunk Security Announcement Page no longer available

Can you help me create a usecase that will alert when a string of failed logins is followed by a successful login?

邮件发送问题

How do I get Solarwinds data into Splunk with Syslog?

Is there any way to add a custom time to a notable event in Splunk ES?

How to stop ingesting from 1 of 4 firewalls?

How to troubleshoot the Adaptive Response script not running?

Which app(s) for Microsoft Windows Defender ATP?

Splunk Add on for Microsoft ATP Endpoint: Which add-ons are CIM ready?

How to connect multiple instances of Cisco Firepowers to Splunk using eStreamer enCore

Integration of EPM SaaS with SPLUNK- Which firewall port is used? and what is the volume of events?

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Editing the alert that is sent to PagerDuty

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...

Multi-Select in HTML for Alert Action does not ret...