Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Temporal sequence between a search and a multisearch

Hi Splunkers, today I'm facing a problem related to temporal sequence between a multisearch and a search, but let m...

by Path Finder in

How to create a Dashboard that will show SLA for alerts received on Incident review Dashboard?

Hi Everyone, I am struggling a lot to create a Dashboard that will show SLA for alerts received on Incident revie...

by New Member in

Specific field not populating in dashboard panel

Hello Community, I'm currently having trouble with a dashboard panel I'm making. The dashboard panel is suppose...

by Explorer in

Help creating a table that shows specific notable information

Hello Community, I'm working on a search for a dashboard panel and I need some help. I'm looking to get the o...

by Explorer in

How to be able to reassign the Orphaned searches?

I have tried reassigning the orphaned search to the new owner, but couldn't able to fix it. I am getting the error me...

by New Member in

How to write Asset and Identity configuration?

I have 2 sourcetype WinHostMon and wineventlog with Splunk add-on for Microsoft windows. After doing Asset and Identi...

by Explorer in

Do I tune the use-case search itself or modify the Threat Intelligence datamodel?

I have a few Threat Intelligence data that have Use-Cases applied to them but I'm trying to filter out blocked events...

by Explorer in

Why not getting Notables?

I'm new to ES. I have taken the ES Admin course so I probably shouldn't have to ask for help but I'm pulling my hair...

by Loves-to-Learn in

Column Chart over repeating day ranges- Is it possible to do a sum on "grouped days"

Hello, I've been trying a few different ways, with no luck, to represent some server counts that I see happening o...

by Explorer in

Does anybody know what is the purpose of this formula in one splunk use case from the content library

Hello splunkers, While checking some use cases I found out one that I am interested of "Detect Spike in Network ACL...

by Explorer in

Syslog input on Splunk HF and forward to Splunk AWS instance.

Hello, I have a Splunk ES instance on AWS. All logs are forwarded there from a Splunk HF (full forwarding - no ind...

by Communicator in

How to create notable events with search?

I have Power-user access only. I have a Splunk query and I enabled an alert as a Notable Event. And I also receive...

by Contributor in

SplunkES plus SOAR: Analyst List, Notable Assignment and Centralized Authentication

Ever tried to assign a SplunkES Notable via Splunk SOAR to have it fail? So you also use centralized authentication s...

by Influencer in

How to set up Alert Collaborators when added in investigation?

Hi, I am trying to work with splunks ESS. Currently I am stuck. Is there any way we can alert user once he/she is ...

by Communicator in

Why is Service now Add on in Splunk is not extracting all the fields?

Hello All, I'm using Service now add-on for Splunk and installed on Heavy forwarder. Through setup page in add-on ...

by Communicator in

SplunkEnterpriseSecuritySuite: Why is correlation search next scheduled time in the past?

Hello, What could be the explanation for a Correlation Search that is set to run live, on the Next Scheduled Time ...

by Path Finder in

SplunkES: List Enabled Notable Activity Last 90 Days

Handy search for a dashboard earliest=-90d@d `notable` | eval isSuppressed=if(match(eventtype,"Suppression"),1,...

by Influencer in

SplunkES - Find Job Issues

Here is a handy way to skim all the job results from - Rule and - Gen searches with ES to look for issues. | re...

by Influencer in

Having some doubts about Updating Splunk Apps

I have some doubts about Updating Splunk Apps.1. The Splunk Apps that comes pre-built/packed with Enterprise Security...

by Contributor in

How to see when UF last send log to Splunk?

I have multiple UF (Universal Forwarder) in my environment and all of those are sending logs to one IF (Intermediate ...

by Explorer in

How to move the entire configuration from one HF to new HF server?

Due to some issue, We have to discontinue our existing Heavy Forwarder and move all the sources, data inputs, Splunk ...

by Explorer in

SplunkES List Correlation Searches

This can be handy for dumping a list of installed ES correlation searches with disabled status, description, framewor...

by Influencer in

Where to find Telecom-Security use cases

Hi all, Can somebody recommend some sources from where I could learn about writing and implementing Telecom-Securi...

by Path Finder in

How to connect the SEP api using python?

Hi I am trying to connect the SEP api via python and my code is as follows - # encoding = utf-8 import osimpor...

by New Member in

How to integrate IBM xforces free open source threat feed with splunk?

We want to integrate IBM xforce's free open source threat feed with splunk. How can I achieve this. I have IBMs api i...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Temporal sequence between a search and a multisearch

How to create a Dashboard that will show SLA for alerts received on Incident review Dashboard?

Specific field not populating in dashboard panel

Help creating a table that shows specific notable information

How to be able to reassign the Orphaned searches?

How to write Asset and Identity configuration?

Do I tune the use-case search itself or modify the Threat Intelligence datamodel?

Why not getting Notables?

Column Chart over repeating day ranges- Is it possible to do a sum on "grouped days"

Does anybody know what is the purpose of this formula in one splunk use case from the content library

Syslog input on Splunk HF and forward to Splunk AWS instance.

How to create notable events with search?

SplunkES plus SOAR: Analyst List, Notable Assignment and Centralized Authentication

How to set up Alert Collaborators when added in investigation?

Why is Service now Add on in Splunk is not extracting all the fields?

SplunkEnterpriseSecuritySuite: Why is correlation search next scheduled time in the past?

SplunkES: List Enabled Notable Activity Last 90 Days

SplunkES - Find Job Issues

Having some doubts about Updating Splunk Apps

How to see when UF last send log to Splunk?

How to move the entire configuration from one HF to new HF server?

SplunkES List Correlation Searches

Where to find Telecom-Security use cases

How to connect the SEP api using python?

How to integrate IBM xforces free open source threat feed with splunk?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Clarification on UBA Capability in Splunk Enterpri...

Findings Comments

Sendalert risk does not populate source_guid / sou...

Asset Identity Framework subnet does not match ip-...

Palo Alto apps and add-ons for splunk

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions