Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to correlate 4688 Process created and Logon 4624 events

Hi, Can someone help me in correlating 4688 Process created and Logon 4624 events? I tried using the Transaction ...

by New Member in

Integrate Data/Information from Splunk App

I want to integrate data from a Splunk App to the Vuln centre in Enterprise Security. Has anyone done this before?

by Explorer in

Search Notables for Open and Closure Times

Hi Everyone, I am trying to write a query that will allow me to use my notable_events table, display the time the n...

by New Member in

How to integrate email alerts into splunk

Hi, I want to integrate emails from particular DL into splunk and splunk should create alerts for that traffic.

by New Member in

Audit trail for investigations

An analyst adds a note to investigation. Another analyst from another shift delete this note.where is the audit trail...

by Communicator in

How to search by time using |rest command

I'm searching using the | rest command from search bar. Attempting to find saved searches that have been modified in ...

by Explorer in

data backup

Hi, I need to reinstall operation system for my computer installed splunk enterprise recently, and I want to backup t...

by New Member in

Fortigate TA & Apps Deployment

Hi, We have around the world 10 data centers each dc have the firewall setup, servers, splunk indexer. ...

by Explorer in

Splunk + Crowdstrike (DnsRequest+ImageFileName join)

Hello, I got this query from Crowdstrike Documentation https[://]www[.]crowdstrike[. ]com/blog/tech-center/hunt-th...

by New Member in

ES Investigation REST API Error

Greetings Splunkers, I have a dashboard that "broke" over the weekend. When I run any of the dashboard searches I s...

by New Member in

Unexpected status for to fetch REST endpoint uri=https://127.0.0.1:8089/services/storage/investigation/investigation?cou

Unexpected status for to fetch REST endpoint uri=https://127.0.0.1:8089/services/storage/investigation/investigation?...

by Observer in

Easy notables search - top owners and top alerts per owner

Not sure why this is so hard... Wana go back say 7/30/90 days and stats count number of alerts per analyst. Ie ...

by New Member in

Has any great person here written a Back up / DR for Splunk ES? Any guidance is much appreciated.

I have Indexer clustering, SH clustering in a distributed environment.

by Builder in

time filter in rest apis

I want to fetch the results from triggered alerts from time T1 to T2. Tried passing the earliest_time or earliest ...

by Engager in

Endpoint datamodel

Hi, For "Endpoint datamodel" with specific to "sysmon" sourcetype, what are all the mandatory fields?

by Builder in

Splunk Recorded Future limited Risk List

Hi, Anyone has this issue, Risk lists are limited to 100,000 rows in Splunk for recorded future. Any ideas?

by New Member in

How to separately & automatically index drill down events of notables/incidents raised in ES

I use the inbuilt ES notables and incidents for creating the tickets for team to work on the issues. All the tickets...

by Path Finder in

Fortinet FortiGate APP: Data from different indexers and sources

Hi all, Have gone through my splunk answers and tried quite a few options in setting up a Fortinet Fortigate app. ...

by New Member in

Need your expert advice about Splunk Ent. & Enterprise Security (ES) Backups + Disaster Recover + HA advice please.

Need your expert advice about Splunk Ent. & Enterprise Security (ES) Backups + Disaster Recover + HA advice please. A...

by Builder in

Fortigate App not working

Hi The Fortinet Fortigate App for Splunk not working and Dashboards are empty. I have installed both the app includ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How to correlate 4688 Process created and Logon 4624 events

Integrate Data/Information from Splunk App

Search Notables for Open and Closure Times

How to integrate email alerts into splunk

Audit trail for investigations

How to search by time using |rest command

data backup

Fortigate TA & Apps Deployment

Splunk + Crowdstrike (DnsRequest+ImageFileName join)

ES Investigation REST API Error

Unexpected status for to fetch REST endpoint uri=https://127.0.0.1:8089/services/storage/investigation/investigation?cou

Easy notables search - top owners and top alerts per owner

Has any great person here written a Back up / DR for Splunk ES? Any guidance is much appreciated.

time filter in rest apis

Endpoint datamodel

Splunk Recorded Future limited Risk List

How to separately & automatically index drill down events of notables/incidents raised in ES

Fortinet FortiGate APP: Data from different indexers and sources

Need your expert advice about Splunk Ent. & Enterprise Security (ES) Backups + Disaster Recover + HA advice please.

Fortigate App not working

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Enterprise Security - Correlation Search - Notable...

Enterprise Security Incident Review Default Filter...

Threat Intelligence Management - Wrong threat matc...

Can someone recommend a threat intel feed of malic...

Migrating Splunk Enterprise Security from VM to ne...