Splunk Enterprise Security

Community Activity
mcohen13
I want to create alert to check on all indexes event count and alert the list of all indexes that have no events in t...
by mcohen13 Loves-to-Learn in Splunk Enterprise Security 09-28-2022
0 3
GuyCo
Hi to all. I'm setting an integration with Splunk and Splunk ES. I decided to send events via HEC method json format. ...
by GuyCo Observer in Splunk Enterprise Security 09-28-2022
0 1
dm1
As the title says, I am looking to set up retrospective searches based on new threat intelligence indicators in ES. Is...
by dm1 Contributor in Splunk Enterprise Security 09-26-2022
0 2
hemantkantak
use case : How to detect threats from MySQL database and as a threat response how to safeguard Storage volume used fo...
by hemantkantak Engager in Splunk Enterprise Security 09-26-2022
0 0
kiran331
What's the best practice to configure email settings on Splunk Cloud Enterprise Security (ES) and Adhoc search head t...
by kiran331 Builder in Splunk Enterprise Security 09-26-2022
0 2
leszek109
Is it possible to change format time for the column "Receipt Time" in "Incident Review"? Currently I see this time in...
by leszek109 Engager in Splunk Enterprise Security 09-26-2022
0 1
Ash
Hi, index=network sourcetype=cisco:asa NOT src_ip IN("10.0.0.0/8","10.0.0.1,"10.0.0.2") | bucket _time span=1m| stats...
by Ash Engager in Splunk Enterprise Security 09-23-2022
0 3
yourfriend
Hello Team, In our environment, we have created use cases in the content management in Splunk ES. We want to know the...
by yourfriend Loves-to-Learn in Splunk Enterprise Security 09-22-2022
0 1
NightShark
Hello Splunkers, I have a search created below to only detect local ip intel specified manually by the user: | tstats...
by NightShark Path Finder in Splunk Enterprise Security 09-22-2022
0 8
Gaikwad
In the Splunk Fortinet FortiGate app - wireless and System dashboards are not working. Both dashboards are not showing ...
by Gaikwad Explorer in Splunk Enterprise Security 09-20-2022
0 0
tromero3
I have a correlation search for detecting when host stops sending logs. I enabled the search and set the title as bel...
by tromero3 Path Finder in Splunk Enterprise Security 09-20-2022
0 4
omri_p
I have installed the Splunk Add-on for Windows app to monitor DNS logs using the Debugging enabled option on my serve...
by omri_p Engager in Splunk Enterprise Security 09-20-2022
3 3
spctravis
I have an app with my alerts. I have risk enabled and it's working however risk isn't showing up in the Edit Correlat...
by spctravis Explorer in Splunk Enterprise Security 09-20-2022
0 2
sheamus69
Has anyone had experience of ingesting logs from VMWare Unified Access Gateway (UAG)? Splunkbase doesn't seem to have...
by sheamus69 Communicator in Splunk Enterprise Security 09-19-2022
0 11
Prashanta
Which apps are used in Splunk SOC in a bank? For threat intel, incident response, and so on.
by Prashanta New Member in Splunk Enterprise Security 09-18-2022
0 1
AntoineDRN
Hello Splunkers,   I was wondering if there is a way to get the creation date of a correlation search.  If so, what i...
by AntoineDRN Path Finder in Splunk Enterprise Security 09-16-2022
0 4
hwang2021
Hello, I am new to Splunk ES. To configure the ES Incident Review, I use the default setting for the Time which shoul...
by hwang2021 Loves-to-Learn Lots in Splunk Enterprise Security 09-16-2022
0 2
amartin6
We are planning to upgrade ES from 6.6.2 to 7.0.1, one of the new features will have a pop up window indicating that ...
by amartin6 Path Finder in Splunk Enterprise Security 09-15-2022
0 0
drih
Hi, We use the threat intelligence app within Enterprise security and use the local IP intel csv (local_ip_intel.csv)...
by drih Engager in Splunk Enterprise Security 09-15-2022
1 0
yourfriend
Hello Splunk team, I have two doubts please help me with details, 1. We are using Splunk cloud platform for Enterpris...
by yourfriend Loves-to-Learn in Splunk Enterprise Security 09-13-2022
0 4
tonymorin
I want to zebra stripe (gray, white, gray, white)/alternate the row colors in the triggered notable table in the Incid...
by tonymorin Explorer in Splunk Enterprise Security 09-13-2022
0 3
cdp_fap
I want to enable client authentication, so I modify $SPLUNK_HOME/etc/apps/splunk_httpinput/local/inputs.conf [http]di...
by cdp_fap Observer in Splunk Enterprise Security 09-13-2022
0 0
AntoineDRN
Hello Splunkers, We had some trouble with notable events. Long story short, by wanting to edit one notable, something...
by AntoineDRN Path Finder in Splunk Enterprise Security 09-13-2022
0 0
aakwah
Hi, I'd like to change Notable Event row color or the color of any field in incident review dashboard to easily ident...
by aakwah Builder in Splunk Enterprise Security 09-13-2022
0 0
sivareddy
while opening into search head server get error as : View more information about your request (request ID = 631c96cc4...
by sivareddy Loves-to-Learn Lots in Splunk Enterprise Security 09-10-2022
0 0