Splunk Enterprise Security

Community Activity
南盾
An SMTP domain is configured, so why does the alert mailbox not receive anything?
by 南盾 Observer in Splunk Enterprise Security 03-15-2022
0 0
canalesjac
I would like to retrieve data from Solarwinds when events trigger via Syslog. I know you can use the Solarwinds Splunk A...
by canalesjac Path Finder in Splunk Enterprise Security 03-15-2022
0 5
hettervik
In Splunk ES we have correlation searches creating notable events. The timestamp of the notable event, and thus the t...
by hettervik Builder in Splunk Enterprise Security 03-15-2022
0 0
sandyvaldez
I need to stop ingesting from 1 of 4 of my firewalls. The path of our architecture is  firewalls >>>syslog>>>>deploym...
by sandyvaldez Loves-to-Learn in Splunk Enterprise Security 03-11-2022
0 3
b_chris21
Hello everyone, I have set an Adaptive Response Action (custom bash script) along with a Notable event on a simple co...
by b_chris21 Communicator in Splunk Enterprise Security 03-11-2022
0 3
woodcock
I see 3 different apps from 3 different authors on splunkbase for Microsoft Windows Defender ATP ; which one is the o...
by Esteemed Legend in Splunk Enterprise Security 03-09-2022
1 5
chidiuchegbu
I have set up Microsoft Defender for Endpoint inputs with many add-ons, but it looks as though most of the add-ons are no...
by chidiuchegbu Loves-to-Learn Everything in Splunk Enterprise Security 03-08-2022
0 0
sshukla2505
Hi, So, I have got 2 instances of Cisco Firepower management centers. I need to connect these 2 FMCs to our eStreamer...
by sshukla2505 New Member in Splunk Enterprise Security 03-04-2022
0 9
ritesh5040
1. Which firewall port is used for SPLUNK integration with EPM SaaS? 2. Any idea about the volume of events received in ...
by ritesh5040 Loves-to-Learn in Splunk Enterprise Security 03-03-2022
0 0
b_chris21
Hello everyone, I have a correlation search setup to detect Suricata IDS alerts of a specific severity and trigger a ...
by b_chris21 Communicator in Splunk Enterprise Security 03-03-2022
0 1
bapun18
I want to export the result of a Splunk dashboard and authentication would be via SSO/SAML. I can provide the usernam...
by bapun18 Communicator in Splunk Enterprise Security 03-01-2022
0 0
beano501
We have lots of firewalls (both internal and internet facing) feeding into our CIM Network_Traffic Model within Enter...
by beano501 Explorer in Splunk Enterprise Security 03-01-2022
0 2
sohailmohammed
Hi All, I have created a newly created field/field alias/field extraction with GLOBAL Permissions. Example | eval test...
by sohailmohammed Path Finder in Splunk Enterprise Security 03-01-2022
0 0
michaeltayo
I am trying to add Threat Intelligence to my Splunk ES via the HISAC taxii discovery service. I have set up the Intell...
by michaeltayo Explorer in Splunk Enterprise Security 02-24-2022
1 1
zacksoft_wf
I have this 'Email' Data Model in ES. The model is populated by macro and tags (2 eventtypes populated by saved search...
by zacksoft_wf Contributor in Splunk Enterprise Security 02-23-2022
0 9
Stefanie
I've been investigating why I started to not receive ES events for some time now. After upgrading ES, I had to reins...
by Stefanie Builder in Splunk Enterprise Security 02-22-2022
0 1
sahana
Hi, i have an requirement as like below. TimeStampLoginUsersAvg SLAMin SLA Max SLA20-02-2022 11:3035113.420-02-2022 1...
by sahana Engager in Splunk Enterprise Security 02-22-2022
0 2
human96
Could you please tell me about the following? If I want to limit memory usage for a search, is it correct to think th...
by human96 Communicator in Splunk Enterprise Security 02-17-2022
0 3
pizzor
Been getting messages saying that some identities are exceeding the field limits. I've increased the limit on some of...
by pizzor Path Finder in Splunk Enterprise Security 02-17-2022
0 4
Mukunda7
We have some firewall devices sending data to one index previously. Now I have to create new index for some of the de...
by Mukunda7 Explorer in Splunk Enterprise Security 02-16-2022
0 3
human96
is there a way to execute the following process of the OS? ??   -Cluster master server (Splunk Enterprise installed) ...
by human96 Communicator in Splunk Enterprise Security 02-15-2022
0 1
engmohdissam
Greetings! I need to know how I can find the most use cases trigger alerts in Splunk. is there any specific search qu...
by engmohdissam New Member in Splunk Enterprise Security 02-11-2022
0 1
deepdiver
How would I find sAMAccountName(s) - more than one. I have tried boolean operators and(&) or(|) to no avail. Currentl...
by deepdiver Loves-to-Learn Everything in Splunk Enterprise Security 02-10-2022
0 1
Stefanie
Hello everyone! I'm looking for assistance with fine-tuning Enterprise Security. I've been working hard with configurin...
by Stefanie Builder in Splunk Enterprise Security 02-10-2022
0 2
yawdeals
I need help on how I can tune the search below. It creates too much noise. I will like to know what steps I can use t...
by yawdeals New Member in Splunk Enterprise Security 02-09-2022
0 5