Splunk Enterprise Security

Discussions

Thread Info

Splunk add on for microsoft windows

After installing microsoft windows add on I could not see applicable tags for network resolution data model with resp...

by Path Finder in

error while installation

We downloaded the Enterprise Security app from the address you specified. When we want to upload this to the Splunk e...

by New Member in

Enterprise Security Incident Review - Incomplete list or correlation searches in filter

Hi folks, A user in my company discovered that the pre-built list of Correlation-Searches in the filter on the Inci...

by Explorer in

invalid Stanza error in SplunkEnterpriseSecuritySuite

Why I am getting invalid Stanza error in SplunkEnterpriseSecuritySuite, its *.conf.spec file is present in README sub...

by Path Finder in

Regex for CEF

Hi SMEs, I am trying to write regex to parse/map CEF format fields as below. so that all corresponding fieldnam...

by Path Finder in

The case of the reappearing roles - LDAP Mapping

Hi All. Hopefully somebody has an answer to this. We are on v8.1.6 and in doing some security cleanup, I was removi...

by New Member in

Databases group change

Hi Splunkers, I'm in trouble with a correlation rule creation. The purposes of the rule is the following one: if ...

by Path Finder in

delete top notable event from the "Top Notable Events" panel in ES Security Posture page

I have disabled a few of the Correlation searches and would like to delete them from the "Top Notable Events" panel i...

by Contributor in

Threat Intelligence custom feed error

Hello, I just configured a new Custom Threat Intelligence feed in Splunk Enterprise Security and I'm getting a stra...

by New Member in

What dependencies dose Splunk Security Essentials App (SSE) has on ES & ES content updates Apps? Thx a million

Please help me with learning What dependencies dose Splunk Security Essentials App (SSE) has on ES & ES content updat...

by Builder in

After Upgrading Splunk Enterprise Security, I am not receiving Incidents

Hey! We upgraded to Splunk Enterprise Security to the latest version a few weeks ago. Before, it was on Version 4...

by Builder in

Splunk Notable Events not showing default owner

Hello, Hope you are doing well! I have updated exiting correlation alert in Splunk as notable event which prev...

by Engager in

How to get powershell log on Webgui?

Hi Everyone, I set splunk(on windows) lab envirement because try something threat activity.I need to take power...

by Observer in

Which fields are used for the identity comparison in Splunk ES?

Hi, Within Splunk Enterprise Security, when the urgency of a notable event is calculated, the priority of the iden...

by Path Finder in

Does ES have all the features available in Splunk Security Essentials App?

Does ES also comes with SSE app features like Analytics Advisor, Content Recommendations, Data inventory, CIM complia...

by Motivator in

XML Field Extractions

HI, I am having some logs comes with XML format for Privilaged Access Manager, i need to extract the fields by defa...

by Engager in

Data input error

I tried to get data using Google Workspace Add-on, but the following error occurs. Could you please tell me how to re...

by Splunk Employee in

Equivalence between QRadar Event Category and Splunk

Hi everybody. Currently, we have a task which involve QRadar correlation rules translation to SPlunk ones.The Splun...

by Path Finder in

Admin Role user cannot see specific Analyst user to assign notable to

I have a problem where an admin role user cannot see another analyst user to assign specific notable events to. Howev...

by Path Finder in

ES Search query

Hey, has anyone created a search that merges an ipadd from threat intel and ipadd from azure so it'll trigger an aler...

by Explorer in

Splunk 8 python 2.7 for an app

Hello, I'm trying to force an app to use python 2.7 on a Splunk 8 with enterprise security. The config in serve...

by Explorer in

Parsing the "_raw" field of Splunk Python SDK results

Hi everyone, We're using the Splunk Python SDK to run queries in Splunk. However, we seem to be getting the resul...

by Explorer in

How to check whether splunk is getting data from the server or not ??

I have list of servers, I need a query to check whether splunk is getting data from the server or not ??

by Observer in

Incident Review page has been loading

I install Splunk ES v5.3.1 on Enterprise v7.3.7.1, then I want to open "Incident Review". However the page has been...

by Loves-to-Learn Everything in

Splunk ES Sandbox

What happened to the ES Sandbox? I can no longer find it to sign up for it.

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk add on for microsoft windows

error while installation

Enterprise Security Incident Review - Incomplete list or correlation searches in filter

invalid Stanza error in SplunkEnterpriseSecuritySuite

Regex for CEF

The case of the reappearing roles - LDAP Mapping

Databases group change

delete top notable event from the "Top Notable Events" panel in ES Security Posture page

Threat Intelligence custom feed error

What dependencies dose Splunk Security Essentials App (SSE) has on ES & ES content updates Apps? Thx a million

After Upgrading Splunk Enterprise Security, I am not receiving Incidents

Splunk Notable Events not showing default owner

How to get powershell log on Webgui?

Which fields are used for the identity comparison in Splunk ES?

Does ES have all the features available in Splunk Security Essentials App?

XML Field Extractions

Data input error

Equivalence between QRadar Event Category and Splunk

Admin Role user cannot see specific Analyst user to assign notable to

ES Search query

Splunk 8 python 2.7 for an app

Parsing the "_raw" field of Splunk Python SDK results

How to check whether splunk is getting data from the server or not ??

Incident Review page has been loading

Splunk ES Sandbox

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Correlation Search: Next Step: Ping - NSLOOKUP - R...

Finding based finding / Risk based alerting not wo...

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions