Splunk Enterprise Security

Community Activity
Woodpecker
Hi, I have a CS, which runs every 6mins looking back -65m and -5m. It triggered a notable alert, where for the same d...
by Woodpecker Path Finder in Splunk Enterprise Security 05-12-2022
arangineni
We have a setup where the AWS KMS logs are sent to Splunk HEC through the flow below. We are getting JSON event format bu...
by arangineni Explorer in Splunk Enterprise Security 05-11-2022
Gene
Dear Splunkers, can you please advise or direct me to the right place on the following question: we need to send notification ...
by Gene Path Finder in Splunk Enterprise Security 05-11-2022
praju
Hi Team, Could you please help me on this request. I have a correlation search working fine and need to exclude these...
by praju New Member in Splunk Enterprise Security 05-10-2022
waja1n0z1
Hi All, I am investigating the possibility of consolidating our separate standalone ES Searchheads into a single clust...
by waja1n0z1 Loves-to-Learn in Splunk Enterprise Security 05-04-2022
mjones414
Greetings. I've been trying to build a correlation search that sets a default disposition value when it runs but so fa...
by mjones414 Contributor in Splunk Enterprise Security 05-03-2022
sitthiporns
Has anyone found this error event?  
by sitthiporns Explorer in Splunk Enterprise Security 05-03-2022
cyber_Maddy
query to find out activity towards a particular URL eg: URL - https://www.microsoft.com/en-us/security
by cyber_Maddy Engager in Splunk Enterprise Security 05-02-2022
nareshinsvu
Hi Helpers - Below is my usecase where I am stuck with my ES upgrade. My Splunk version recently upgraded from 7.2.7 ...
by nareshinsvu Builder in Splunk Enterprise Security 05-01-2022
SIEMStudent
Hi Splunkers, today I'm facing a problem related to temporal sequence between a multisearch and a search, but let me i...
by SIEMStudent Path Finder in Splunk Enterprise Security 04-26-2022
Aziz94
Hi Everyone, I am struggling a lot to create a Dashboard that will show SLA for alerts received on Incident review Da...
by Aziz94 New Member in Splunk Enterprise Security 04-21-2022
LionWolf
Hello Community, I'm currently having trouble with a dashboard panel I'm making. The dashboard panel is supposed to d...
by LionWolf Explorer in Splunk Enterprise Security 04-21-2022
LionWolf
Hello Community, I'm working on a search for a dashboard panel and I need some help. I'm looking to get the owner, sea...
by LionWolf Explorer in Splunk Enterprise Security 04-20-2022
RuckmaniElango
I have tried reassigning the orphaned search to the new owner, but wasn't able to fix it. I am getting the error me...
by RuckmaniElango New Member in Splunk Enterprise Security 04-20-2022
hieuba6868
I have 2 sourcetypes, WinHostMon and wineventlog, with Splunk add-on for Microsoft windows. After doing Asset and Identi...
by hieuba6868 Explorer in Splunk Enterprise Security 04-19-2022
oylkm
I have a few Threat Intelligence data that have Use-Cases applied to them but I'm trying to filter out blocked events...
by oylkm Explorer in Splunk Enterprise Security 04-18-2022
timsheets13
I'm new to ES.  I have taken the ES Admin course so I probably shouldn't have to ask for help but I'm pulling my hair...
by timsheets13 Loves-to-Learn in Splunk Enterprise Security 04-18-2022
mjon395
Hello, I've been trying a few different ways, with no luck, to represent some server counts that I see happening on T...
by mjon395 Explorer in Splunk Enterprise Security 04-15-2022
jogonz20
Hello splunkers, while checking some use cases I found one that I am interested in, "Detect Spike in Network ACL ac...
by jogonz20 Explorer in Splunk Enterprise Security 04-15-2022
b_chris21
Hello, I have a Splunk ES instance on AWS. All logs are forwarded there from a Splunk HF (full forwarding - no indexi...
by b_chris21 Communicator in Splunk Enterprise Security 04-15-2022
alexspunkshell
I have Power-user access only. I have a Splunk query and I enabled an alert as a Notable Event. And I also received t...
by alexspunkshell Contributor in Splunk Enterprise Security 04-14-2022
starcher
Ever tried to assign a SplunkES Notable via Splunk SOAR to have it fail? So you also use centralized authentication s...
by starcher Influencer in Splunk Enterprise Security 04-13-2022
Nawab
Hi, I am trying to work with Splunk's ESS. Currently I am stuck. Is there any way we can alert user once he/she is add...
by Nawab Communicator in Splunk Enterprise Security 04-13-2022
srisahitya_v
Hello All, I'm using Service now add-on for Splunk and installed on Heavy forwarder. Through setup page in add-on I h...
by srisahitya_v Communicator in Splunk Enterprise Security 04-12-2022
tokio13
Hello, What could be the explanation for a Correlation Search that is set to run live, on the Next Scheduled Time tab...
by tokio13 Path Finder in Splunk Enterprise Security 04-11-2022