Splunk Enterprise Security

Community Activity
Gabriel_CCI
Hi community! I have a dashboard that shows the alerts in a table and in the graph; the question is how I can link eac...
by Gabriel_CCI Explorer in Splunk Enterprise Security 09-06-2022
0 1
cjacklum
We are in SplunkCloud with ES 7.0.0 As a user with the sc_admin or ess_admin role when selecting an incident to edit,...
by cjacklum Engager in Splunk Enterprise Security 09-06-2022
0 1
MinaMina
Hello, I need to put sql server logs into Splunk for Enterprise Security. Is there any add-on available? I found an ...
by MinaMina New Member in Splunk Enterprise Security 09-06-2022
0 9
rockzers
i installed universal forwarder 4 machine this event log is getting my pci want to compare my event log and universal...
by rockzers Path Finder in Splunk Enterprise Security 09-01-2022
0 1
danielbb
Is there a comparison between ES and Chronicle Security of Google? A top official here wonders about it.
by danielbb Motivator in Splunk Enterprise Security 08-31-2022
0 1
apollo_sj
Hi All, We are running a Splunk action - run query (search) on a Phantom playbook which is active on every event com...
by apollo_sj New Member in Splunk Enterprise Security 08-26-2022
0 1
jack_lang
Hi, Imagine the role `A` has access to index=foobar, but roles 'B' and 'C' do not. Imagine Splunk Enterprise Security...
by jack_lang New Member in Splunk Enterprise Security 08-26-2022
0 1
sami2
I need to know where I can view the source index of the event that Splunk Enterprise Security takes to make an alert, ...
by sami2 New Member in Splunk Enterprise Security 08-26-2022
0 2
davidem
Hi, I created a new Correlation Search that needs to generate notable, so in the "Adaptive Response Actions" I added ...
by davidem Explorer in Splunk Enterprise Security 08-26-2022
0 2
jmgonzalez
Hello, We are trying to modify the existing query in the "Remote Desktop Network Bruteforce" correlation search prese...
by jmgonzalez Observer in Splunk Enterprise Security 08-26-2022
0 3
marceldera
I am trying to remove duplicate from a field result: index=tenable* sourcetype="*" severity_description="*" | table s...
by marceldera Explorer in Splunk Enterprise Security 08-25-2022
0 1
Papoose1992
Hi All, What is the best way to integrate Samba AD logs for user activity with Splunk Cloud?  
by Papoose1992 Observer in Splunk Enterprise Security 08-23-2022
0 0
neerajs_81
Hello, Like any other ES user, we have threat intel feeds configured that came along with the box. How can I view the ac...
by neerajs_81 Builder in Splunk Enterprise Security 08-19-2022
0 1
Gabriel_CCI
Hi. I need to upgrade my Splunk Cluster; my current version is 7.3.2 and I need to upgrade to 8.0.10, but we have Enterpri...
by Gabriel_CCI Explorer in Splunk Enterprise Security 08-16-2022
0 1
Ananta
Hi All, We are planning to upgrade Splunk ES from 6.2 to 7.0.1. In Release Notes of 7.0.1 deprecated features, its me...
by Ananta New Member in Splunk Enterprise Security 08-15-2022
0 0
sr_dhinesh
Hello team: I am working on the Splunk Endpoint Data Model and I have Windows audit logs in Splunk. My concern is if i we...
by sr_dhinesh Path Finder in Splunk Enterprise Security 08-11-2022
0 8
cybersej
Hi Splunkers, I am planning to integrate Splunk in our AWS environment but I'm a beginner on AWS, so please could you he...
by cybersej Observer in Splunk Enterprise Security 08-10-2022
0 2
NDabhi21
Can someone help to build the query for below? Need to collect configured path list (coldpath/homePath / thawedPath ...
by NDabhi21 Explorer in Splunk Enterprise Security 08-10-2022
0 1
NDabhi21
Use case has been prepared with help of Splunk article  https://www.splunk.com/en_us/blog/tips-and-tricks/how-to-dete...
by NDabhi21 Explorer in Splunk Enterprise Security 08-10-2022
0 5
chaker
Running Enterprise Security on Splunk Cloud, how can I get an adaptive response such as a ping to run on a local HF/U...
by chaker Contributor in Splunk Enterprise Security 08-08-2022
1 4
bill_king
Any recommendations out there which existing Data Model would be best to match up Qumulo (network drive file access, ...
by bill_king Path Finder in Splunk Enterprise Security 08-08-2022
0 1
rsyung
We would like to patch up the OS and would like to know what dependencies on RHEL 8 OS Splunk has. Thank...
by rsyung Engager in Splunk Enterprise Security 08-08-2022
0 2
NDabhi21
Would like to reduce the log data size in the index by cutting fields which are not useful for the use case. Before cut fiel...
by NDabhi21 Explorer in Splunk Enterprise Security 08-08-2022
0 3
XavG
Hi, I'm wondering if there isn't an issue with the correlation search that comes with Splunk ES "Threat activity dete...
by XavG Engager in Splunk Enterprise Security 08-05-2022
2 3
hariskhan
Dear Splunkers, Does Splunk ES (when purchased) come with any built-in ticket management system or one has to buy a ...
by hariskhan Explorer in Splunk Enterprise Security 08-05-2022
0 6