Splunk Enterprise Security

Community Activity
ayushchoudhary
Can someone please help if you have any document on how to integrate the IBM X-force Threat intelligence feed with S...
by ayushchoudhary Path Finder in Splunk Enterprise Security 04-05-2022
0 2
TheBravoSierra
I'm trying to install a fresh install of Enterprise Security onto a search head cluster.  I uploaded the app via the ...
by TheBravoSierra Path Finder in Splunk Enterprise Security 04-04-2022
0 2
Robertoing
Hi, I need to upgrade UF forwarder from version 6.5.1 to version 8.0; is it possible to do it immediately or must I install s...
by Robertoing Explorer in Splunk Enterprise Security 03-31-2022
0 1
ofaheem
Hi, I want to make a report or a CSV file from a search result. However, the search result is more than 7 million. So...
by ofaheem New Member in Splunk Enterprise Security 03-31-2022
0 1
sahana
Hi,I have a parent panel which has below table panelFunction NameSuccessFailureSLAgreet34513.5NGA43067.5Customer54145...
by sahana Engager in Splunk Enterprise Security 03-27-2022
0 1
slah
Hi, I have encountered a problem regarding adding a custom field to an asset table. I have followed a series of articles...
by slah Observer in Splunk Enterprise Security 03-25-2022
0 0
AidanMarkSmith
Hi, I need some help setting up a dashboard that will allow us to closely monitor login activity of certain users and...
by AidanMarkSmith Observer in Splunk Enterprise Security 03-22-2022
0 4
licroBI_0x
Hi all, I would like some help related to the wrong time value in Threat Intelligence (KV Store Lookup ) "ip_intel". ...
by licroBI_0x Observer in Splunk Enterprise Security 03-22-2022
0 0
emkaxon
Hello, We're facing an issue when events are forwarded from splunk to phantom, multiple artifacts are being generate...
by emkaxon New Member in Splunk Enterprise Security 03-22-2022
0 6
samin
Is there any Enterprise Security (ES) alternative of the use case 'New Cloud API Call Per Peer Group'?  
by samin Engager in Splunk Enterprise Security 03-20-2022
0 0
beano501
Running CIM 5.0 and was looking to do some reporting on users/groups added to security groups (information provided b...
by beano501 Explorer in Splunk Enterprise Security 03-19-2022
0 0
PebbleHG
I have a team that wants specific notables to be automatically assigned to specific team members. Is this even possi...
by PebbleHG Engager in Splunk Enterprise Security 03-18-2022
0 2
jpatwary
When trying to enable aws_description_tasks, I'm finding it in the logs that it is erroring out due to 'Connection re...
by jpatwary New Member in Splunk Enterprise Security 03-17-2022
0 0
nabeel652
Hi guys, in Splunk ES there is a correlation search "Excessive Failed Logins" which has time range set to latest=rt-5m@...
by nabeel652 Builder in Splunk Enterprise Security 03-17-2022
0 6
jkaracan
Hi Team, We notice that the page below is no longer available. https://www.splunk.com/en_us/product-security/announceme...
by jkaracan Loves-to-Learn in Splunk Enterprise Security 03-16-2022
0 1
kokanne
I'm trying to make a use case where it will alert when there are several attempts of failed logins and one of them suc...
by kokanne Communicator in Splunk Enterprise Security 03-16-2022
0 6
南盾
I configured the SMTP domain name; why is the alert mailbox not receiving anything?
by 南盾 Observer in Splunk Enterprise Security 03-15-2022
0 0
canalesjac
I would like to retrieve data from Solarwinds when events trigger via Syslog. I know you can use the Solarwinds Splunk A...
by canalesjac Path Finder in Splunk Enterprise Security 03-15-2022
0 5
hettervik
In Splunk ES we have correlation searches creating notable events. The timestamp of the notable event, and thus the t...
by hettervik Builder in Splunk Enterprise Security 03-15-2022
0 0
sandyvaldez
I need to stop ingesting from 1 of 4 of my firewalls. The path of our architecture is  firewalls >>>syslog>>>>deploym...
by sandyvaldez Loves-to-Learn in Splunk Enterprise Security 03-11-2022
0 3
b_chris21
Hello everyone, I have set an Adaptive Response Action (custom bash script) along with a Notable event on a simple co...
by b_chris21 Communicator in Splunk Enterprise Security 03-11-2022
0 3
woodcock
I see 3 different apps from 3 different authors on splunkbase for Microsoft Windows Defender ATP ; which one is the o...
by woodcock Esteemed Legend in Splunk Enterprise Security 03-09-2022
1 5
chidiuchegbu
I have set up Microsoft Defender for Endpoint inputs with many add-ons, but it looks as though most of the add-ons are no...
by chidiuchegbu Loves-to-Learn Everything in Splunk Enterprise Security 03-08-2022
0 0
sshukla2505
Hi, So, I have got 2 instances of Cisco Firepower management centers. I need to connect these 2 FMCs to our eStreamer...
by sshukla2505 New Member in Splunk Enterprise Security 03-04-2022
0 9
ritesh5040
1. Which firewall port is used for SPLUNK integration with EPM SaaS? 2. Any idea about the volume of events received in ...
by ritesh5040 Loves-to-Learn in Splunk Enterprise Security 03-03-2022
0 0