Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Best Add-on for Microsoft Azure AD logs

Hi, I came across multiple add-ons to collect Microsoft Azure AD logs. Which one is the best to collect the logs? ...

by Engager in

which data models have infection_found tag

Hi can some one help me with 'infection_found" tag is belongs to which Data Model. Can it be consider for Malware ...

by Path Finder in

Where do I find already built in Dashboards in Splunk Enterprise & ES

by Builder in

What Splunk Enterprise & ES's vital signs should be checked daily by an Admin to keep Splunk smiling 24x7 ?

What are Splunk Enterprise & ES vital signs should be checked daily by an Admin to keep Splunk & ES smiling 24x7 ? Wh...

by Builder in

Disabled Rules got enabled Automatically

We have observed the disabled rules got enabled automatically, what are the reasons to this. We need to find the root...

by New Member in

Please help me learn standard built in features of Splunk Enterprise Security App. (ES)

I am writing a short report on std. features of the ES I can use with little effort. We have Splunk Ent. 8.0 & have i...

by Builder in

entitymerge for identity_lookup_expanded doesn't produce any results

This is the search that merges identities, according to the search preview: | inputlookup append=T "administrat...

by Contributor in

Which Splunk server do I install the Splunk Dashboard Examples App?

by Builder in

Notable Event Suppression option missing in actions drilldown

I was given admin rights at my job recently to work suppressions, and I have the ability to go to the notable event s...

by New Member in

How to customize Threat Activity dashboard by adding new fields?

Hello! I am experiencing troubles with analyzing Threat Intelligence data in Enterprise Security. When I go to Sec...

by Path Finder in

How do I display 2 lines on a line graph? The fields used are "MatlTemp" and "Hour" and it is sorted by "Batch"

I am using 2 csv files and the "inputlookup" method. Right now I am appending one of the csv to another csv, but the...

by Engager in

User internal_monitoring Attempt to Login?

I am investigating on a Geographically Improbable Access notable event. The user internal_monitoring is detected to h...

by Builder in

In Splunk Enterprise Security, how come old threatlist information isn't properly being cleaned?

We've got several threatlists running and I see that old threatlist information isn't properly cleaned. The max age i...

by Path Finder in

VMWare Unified Access Gateway

Has anyone had experience of ingesting logs from VMWare Unified Access Gateway (UAG)? Splunkbase doesn't seem to h...

by Communicator in

convert alerts to correlation searches

Hello, Having defined multiple alerts before starting to use Enterprise Security, is there a way to convert the ex...

by Explorer in

Time format for column Receipt Time in Incident Review window

Is it possible to change format time for the column "Receipt Time" in "Incident Review"? Currently I see this time ...

by New Member in

ES Glass Table not loading after activating requireClientCert in sslConfig (SSLError)

Hello, I have a problem with Splunk ES Glass Tables not loading when setting the requireClientCert=true in sslConf...

by Explorer in

Wildcard Assets in Asset Lookup

Hi, We have several assets that have the same ending (e.g. splunkcloud.com) but the beginning changes, are we able ...

by Communicator in

Notable event suppression active even after expiration time

Hello, I have SH cluster with Enterprise Security deployed (Splunk version 8.0.4.1, Ent. Security 6.2.0). I created...

by Path Finder in

Should Splunk have Internet access

Should Splunk be connected to internet , have internet access? What are the pluses & minuses ?

by Builder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Best Add-on for Microsoft Azure AD logs

which data models have infection_found tag

Where do I find already built in Dashboards in Splunk Enterprise & ES

What Splunk Enterprise & ES's vital signs should be checked daily by an Admin to keep Splunk smiling 24x7 ?

Disabled Rules got enabled Automatically

Please help me learn standard built in features of Splunk Enterprise Security App. (ES)

entitymerge for identity_lookup_expanded doesn't produce any results

Which Splunk server do I install the Splunk Dashboard Examples App?

Notable Event Suppression option missing in actions drilldown

How to customize Threat Activity dashboard by adding new fields?

How do I display 2 lines on a line graph? The fields used are "MatlTemp" and "Hour" and it is sorted by "Batch"

User internal_monitoring Attempt to Login?

In Splunk Enterprise Security, how come old threatlist information isn't properly being cleaned?

VMWare Unified Access Gateway

convert alerts to correlation searches

Time format for column Receipt Time in Incident Review window

ES Glass Table not loading after activating requireClientCert in sslConfig (SSLError)

Wildcard Assets in Asset Lookup

Notable event suppression active even after expiration time

Should Splunk have Internet access

Improve Your Security Posture

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Is it possible to make it mandatory to assign Disp...

Unable to open some correlation rules in Splunk en...

PCI Compliance- Why is Incident Review blank?

Create Notable Event Error (reading 'value')

Using relative_time to filter results before writi...