Splunk Enterprise Security

Community Activity
woodcock
I see 3 different apps from 3 different authors on Splunkbase for Microsoft Windows Defender ATP; which one is the o...
by Esteemed Legend in Splunk Enterprise Security 03-09-2022
1 5
chidiuchegbu
I have set up Microsoft Defender for Endpoint inputs with many add-ons, but it looks as though most of the add-ons are no...
by chidiuchegbu Loves-to-Learn Everything in Splunk Enterprise Security 03-08-2022
0 0
sshukla2505
Hi, So, I have got 2 instances of Cisco Firepower management centers. I need to connect these 2 FMCs to our eStreamer...
by sshukla2505 New Member in Splunk Enterprise Security 03-04-2022
0 9
ritesh5040
1. Which firewall port is used for SPLUNK integration with EPM SaaS? 2. Any idea about the volume of events received in ...
by ritesh5040 Loves-to-Learn in Splunk Enterprise Security 03-03-2022
0 0
b_chris21
Hello everyone, I have a correlation search setup to detect Suricata IDS alerts of a specific severity and trigger a ...
by b_chris21 Communicator in Splunk Enterprise Security 03-03-2022
0 1
bapun18
I want to export the result of a Splunk dashboard and authentication would be via SSO/SAML. I can provide the usernam...
by bapun18 Communicator in Splunk Enterprise Security 03-01-2022
0 0
beano501
We have lots of firewalls (both internal and internet facing) feeding into our CIM Network_Traffic Model within Enter...
by beano501 Explorer in Splunk Enterprise Security 03-01-2022
0 2
sohailmohammed
Hi All, I have created a newly created field/field alias/field extraction with GLOBAL Permissions. Example | eval test...
by sohailmohammed Path Finder in Splunk Enterprise Security 03-01-2022
0 0
michaeltayo
I am trying to add Threat Intelligence to my Splunk ES via the HISAC TAXII discovery service. I have set up the Intell...
by michaeltayo Explorer in Splunk Enterprise Security 02-24-2022
1 1
zacksoft_wf
I have this 'Email' Data Model in ES. The model is populated by macro and tags (2 eventtypes populated by saved search...
by zacksoft_wf Contributor in Splunk Enterprise Security 02-23-2022
0 9
Stefanie
I've been investigating why I started to not receive ES events for some time now. After upgrading ES, I had to reins...
by Stefanie Builder in Splunk Enterprise Security 02-22-2022
0 1
sahana
Hi, I have a requirement like the one below. TimeStampLoginUsersAvg SLAMin SLA Max SLA20-02-2022 11:3035113.420-02-2022 1...
by sahana Engager in Splunk Enterprise Security 02-22-2022
0 2
human96
Could you please tell me about the following? If I want to limit memory usage for a search, is it correct to think th...
by human96 Communicator in Splunk Enterprise Security 02-17-2022
0 3
pizzor
Been getting messages saying that some identities are exceeding the field limits. I've increased the limit on some of...
by pizzor Path Finder in Splunk Enterprise Security 02-17-2022
0 4
Mukunda7
We have some firewall devices sending data to one index previously. Now I have to create new index for some of the de...
by Mukunda7 Explorer in Splunk Enterprise Security 02-16-2022
0 3
human96
Is there a way to execute the following process of the OS? - Cluster master server (Splunk Enterprise installed) ...
by human96 Communicator in Splunk Enterprise Security 02-15-2022
0 1
engmohdissam
Greetings! I need to know how I can find the most use cases trigger alerts in Splunk. Is there any specific search qu...
by engmohdissam New Member in Splunk Enterprise Security 02-11-2022
0 1
deepdiver
How would I find sAMAccountName(s) - more than one. I have tried boolean operators and(&) or(|) to no avail. Currentl...
by deepdiver Loves-to-Learn Everything in Splunk Enterprise Security 02-10-2022
0 1
Stefanie
Hello everyone! I'm looking for assistance with fine-tuning Enterprise Security. I've been working hard with configurin...
by Stefanie Builder in Splunk Enterprise Security 02-10-2022
0 2
yawdeals
I need help on how I can tune the search below. It creates too much noise. I would like to know what steps I can use t...
by yawdeals New Member in Splunk Enterprise Security 02-09-2022
0 5
tmkunte
How do I find out which data model a particular app "maps" to? Specifically the Cisco security suite ... I see it is ...
by tmkunte Engager in Splunk Enterprise Security 02-08-2022
0 2
TheBravoSierra
Hi, I'm having an issue with my deployer and search head cluster while upgrading enterprise security. In step 8 of th...
by TheBravoSierra Path Finder in Splunk Enterprise Security 02-02-2022
0 0
joshuahuang1
I recently installed brand new Splunk 8.2.2, then installed Splunk ES 6.6.0 on it, after Splunk ES installed and conf...
by joshuahuang1 Engager in Splunk Enterprise Security 02-02-2022
0 1
securitypaul
Hello everyone. I'm looking for some assistance with a problem where I get differing search results from what should ...
by securitypaul Explorer in Splunk Enterprise Security 02-02-2022
0 3
NightShark
Hello, I would like to assign random new "unassigned" notables to a specific user. I wanted to accomplish this via a sa...
by NightShark Path Finder in Splunk Enterprise Security 02-01-2022
0 7