Splunk Enterprise Security

Community Activity
NDabhi21
Can someone help to build the query for the below. Need to collect configured path list (coldpath/homePath/thawedPath ...
by NDabhi21 Explorer in Splunk Enterprise Security 08-10-2022
0 1
NDabhi21
Use case has been prepared with help of the Splunk article https://www.splunk.com/en_us/blog/tips-and-tricks/how-to-dete...
by NDabhi21 Explorer in Splunk Enterprise Security 08-10-2022
0 5
chaker
Running Enterprise Security on Splunk Cloud, how can I get an adaptive response such as a ping to run on a local HF/U...
by chaker Contributor in Splunk Enterprise Security 08-08-2022
1 4
bill_king
Any recommendations out there which existing Data Model would be best to match up Qumulo (network drive file access, ...
by bill_king Path Finder in Splunk Enterprise Security 08-08-2022
0 1
rsyung
We would like to patch up the OS and would like to know what dependencies Splunk has on the RHEL 8 OS. Thank...
by rsyung Engager in Splunk Enterprise Security 08-08-2022
0 2
NDabhi21
Would like to reduce the log data size in the index by cutting fields which are not useful for the use case. Before cut fiel...
by NDabhi21 Explorer in Splunk Enterprise Security 08-08-2022
0 3
XavG
Hi, I'm wondering if there isn't an issue with the correlation search that comes with Splunk ES "Threat activity dete...
by XavG Engager in Splunk Enterprise Security 08-05-2022
2 3
hariskhan
Dear Splunkers, Does Splunk ES (when purchased) come with any built-in ticket management system, or does one have to buy a ...
by hariskhan Explorer in Splunk Enterprise Security 08-05-2022
0 6
vikram1583
Rule Name: Abnormally High Number of Endpoint Changes By User. Description: Detects an abnormally high number of end...
by vikram1583 Explorer in Splunk Enterprise Security 08-04-2022
0 3
NDabhi21
Hi All, Please suggest the query or solution to achieve the below requirement. 1. List of searches or queries run by user (...
by NDabhi21 Explorer in Splunk Enterprise Security 08-03-2022
0 2
DaMushroomCloud
Hello Splunk Community, History of problem: I recently was trying to update OSSEC agents and some needed to be reinstal...
by DaMushroomCloud Engager in Splunk Enterprise Security 08-02-2022
0 1
zacksoft_wf
In Splunkbase it says the "Splunk Add-on for Symantec Endpoint Protection" TA's latest version 3.4.0 is compatible...
by zacksoft_wf Contributor in Splunk Enterprise Security 08-02-2022
1 0
beano501
Not sure if I am missing something, but the Correlation Searches provided by ESCU are not consistent in their results. S...
by beano501 Explorer in Splunk Enterprise Security 08-01-2022
0 1
hkarthikeyan
0 3
neerajs_81
Hello, In ES when we run the following macro for the Last 30 mins or Last 24 h time range, Splunk ends up displaying re...
by neerajs_81 Builder in Splunk Enterprise Security 07-29-2022
0 6
yourfriend
Hi All, Our client has sold off some part of it to another company. Here I am using "CL" as our client and "ZX" as the new co...
by yourfriend Loves-to-Learn in Splunk Enterprise Security 07-28-2022
0 0
dm1
I just upgraded Splunk ES from 6.2.0 to 7.0.1 on Splunk Core version 8.1.5. However, some of the dashboards like Clou...
by dm1 Contributor in Splunk Enterprise Security 07-25-2022
0 0
aranjan
Need help in building a REST API in Splunk ES for Oracle IDCS
by aranjan New Member in Splunk Enterprise Security 07-22-2022
0 0
jkay2016
Hi, I noticed quite a number of jobs running in the background attributed to the macro "modular_action_invocations". Fro...
by jkay2016 Engager in Splunk Enterprise Security 07-22-2022
2 3
yourfriend
Hello Team, We are using Enterprise Security in our environment and we have created correlat...
by yourfriend Loves-to-Learn in Splunk Enterprise Security 07-21-2022
0 0
swagner1965
Hi, We use a few stand-alone systems for scanning media and other tasks in our group. We are required to retrieve a...
by swagner1965 Path Finder in Splunk Enterprise Security 07-21-2022
0 3
warsaw
I have a correlation search where the 'dest' field is present, and in the drilldown search I have mentioned | search des...
by warsaw Loves-to-Learn Lots in Splunk Enterprise Security 07-20-2022
0 7
Azeemering
An example: We have defined two malicious URLs in local_http_intel. This triggers false positives in the Threat Ac...
by Azeemering Builder in Splunk Enterprise Security 07-19-2022
0 0
mdicenzo
I am trying to include dynamic names for a notable event that I have triggering. When I try to use $variable$ it just...
by mdicenzo Explorer in Splunk Enterprise Security 07-11-2022
0 0
yourfriend
Hi Team, We are reviewing the use cases in our Splunk Enterprise Security. We have given Throttlin...
by yourfriend Loves-to-Learn in Splunk Enterprise Security 07-08-2022
0 7

The Splunk Search API lets you keep a record of your investigation process

This guest blog was written by Shintaro Watanabe, Senior Manager in the Information Security Division of JCOM Co., Ltd. Note: This article is published in both Japanese ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

Splunk is More Than Just the Web Console. For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...