Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to separately & automatically index drill down events of notables/incidents raised in ES

I use the inbuilt ES notables and incidents for creating the tickets for team to work on the issues. All the tickets...

by Path Finder in

Fortinet FortiGate APP: Data from different indexers and sources

Hi all, Have gone through my splunk answers and tried quite a few options in setting up a Fortinet Fortigate app. ...

by New Member in

Need your expert advice about Splunk Ent. & Enterprise Security (ES) Backups + Disaster Recover + HA advice please.

Need your expert advice about Splunk Ent. & Enterprise Security (ES) Backups + Disaster Recover + HA advice please. A...

by Builder in

Fortigate App not working

Hi The Fortinet Fortigate App for Splunk not working and Dashboards are empty. I have installed both the app includ...

by Explorer in

JIRA-service-desk integration with Splunk

Hi guys, I have installed the TA-jira-service-desk-simple-addon on our Splunk instance and everything went well dur...

by New Member in

JIRA Service Desk: Adaptive Response Action Cannot Be Dispatched, Unexpected Token < in JSON at position 0

Hey Splunk friends, Very new customers to splunk. Trying to find an easy way to create JIRA tickets from noteable...

by New Member in

Correaltion Search : Detect if an Acces Apache Log exist for a user who has triggered an event

Hello, We need to develop a Correlation Search to implement this algorithm : If a specific custom event (here tag...

by Explorer in

how to give data to the Splunk Enterprise security app in the splunk

Hello, I have the Splunk ES app in my splunk enterprise. but i can't see the data in my splunk enterprise security ...

by Explorer in

Making Dashboard from Incident Review Search or Making Dashboard from Investigation

So I'm sorry if this is a rather stupid question, but I have been thrown into creating a dashboard and I've only take...

by Path Finder in

Please advise on a Strategy dealing with increasing number of skipped / saved searches in ES? Thank u

Please advise on a Strategy dealing with increasing number of skipped / saved / deferred searches in Enterprise Secur...

by Builder in

Can anyone tell me why I am getting the following search error: "Error in 'rex' command: Invalid argument: 'NOT'"

Can anyone let me know why I am getting this error? | rex field=url "(?\w+\.\w+)\/" [| inputlookup IOCs-URLs.c...

by New Member in

Please help with running dedup on this search SPL for detecting skipped searches. To remove duplicates. Thank u

Please help with running dedup on this search SPL for detecting skipped searches. To remove duplicates. Thank u ...

by Builder in

Error after update - Threat Intel

Hello, After updating SES to version 6.4.0, the menu Configure > Data Enrichment > Threat intelligence Management ...

by Explorer in

Need help with reconfiguring LM and DMC on rebuilt linux server

We did rebuild existing server that hosted LM and DMC. I did install latest splunk on the rebuilt server. Copied conf...

by Communicator in

Is there a way to have a duration value account for weekends

So in python coding you can use rrule to assign weekends in weeks and subtract them from your calculation. I ask bec...

by Path Finder in

How do I search for rogue Server added to my environment including info about the Hacker(s)

by Builder in

firewall use cases

hi All, Pls could you share any links or document's for firewall usecases. Thanks in advance 

by Path Finder in

no latest update for ESCU

I saw on https://docs.splunk.com/Documentation/ESSOC/3.23.0/RN/Enhancements, there is 3.23 latest version for ESCU, b...

by Engager in

Find difference in days between today and another date

Hi, I have a creation_date field that has date format 2019-06-21 10:18:00 and then i created a field for today's da...

by Path Finder in

Risk Based alerting in SPLUNK ES

I want to enable risk based alerting as a part of threat hunting.Usecase- lf a malicious file is transmitted, risk sc...

by Loves-to-Learn Lots in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How to separately & automatically index drill down events of notables/incidents raised in ES

Fortinet FortiGate APP: Data from different indexers and sources

Need your expert advice about Splunk Ent. & Enterprise Security (ES) Backups + Disaster Recover + HA advice please.

Fortigate App not working

JIRA-service-desk integration with Splunk

JIRA Service Desk: Adaptive Response Action Cannot Be Dispatched, Unexpected Token < in JSON at position 0

Correaltion Search : Detect if an Acces Apache Log exist for a user who has triggered an event

how to give data to the Splunk Enterprise security app in the splunk

Making Dashboard from Incident Review Search or Making Dashboard from Investigation

Please advise on a Strategy dealing with increasing number of skipped / saved searches in ES? Thank u

Can anyone tell me why I am getting the following search error: "Error in 'rex' command: Invalid argument: 'NOT'"

Please help with running dedup on this search SPL for detecting skipped searches. To remove duplicates. Thank u

Error after update - Threat Intel

Need help with reconfiguring LM and DMC on rebuilt linux server

Is there a way to have a duration value account for weekends

How do I search for rogue Server added to my environment including info about the Hacker(s)

firewall use cases

no latest update for ESCU

Find difference in days between today and another date

Risk Based alerting in SPLUNK ES

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

How can I make an ES Incident Review copy of my No...

How to duplicate Notables in ES Incident Review?

How to add new field for filtering in Splunk ES in...

Enterprise Security - Correlation Search - Notable...

Enterprise Security Incident Review Default Filter...