Splunk Enterprise Security

Discussions

Thread Info

PCI Compliance 11.5 - Monitoring files for changes

We are using Splunk to implement file integrity monitoring, but our security team has a requirement that I'm having t...

by Path Finder in

ES2 app installer not finding 2.0.2

The Enterprise Security Install App says I have the latest version of ES 2.0.1 . Why is it not prompting to upgrade t...

by Splunk Employee in

Splunk Enterprise Security & Transit Heavy-Forwarder

Folks, In the following Splunk installation [SH -> IDX -> Heavy-Forwarder -> Multiple UFs + Syslog] Using Enter...

by Communicator in

Field extractor is unusually slow

While working in the ESS app searching for tag=attack last 60 mins time range I get about 1,262 events. I get two war...

by Splunk Employee in

Splunk ES indexer deployment

I see some apps that state they need to be deployed to indexers. However I see no usage of the “TRANSFORMS- ”...

by New Member in

App for Enterprise Security

We have a Partner Enterprise License and we want to test the following app: http://splunk-base.splunk.com/apps/22297/...

by New Member in

ESS - Creating notable event filters

Hi, I'd like to create a filter for a notable event but the field that I'm trying to filter against doesn't show u...

by Explorer in

Enterprise Security Suite

Doc Question regarding ESS I checked out (e.g. http://www.splunk.com/view/enterprise-security-suite/SP-CAAAE8Z). I...

by Contributor in

Deselecting checkboxes do not deselect

ESS 1.1.2 on Splunk 4.3 Incident review checkboxes for Status and Urgency will not deselect when unchecked. I end up...

by Splunk Employee in

High CPU and memory usage with ESS (Enterprise Security Suite)

I am experiencing high CPU and memory usage with ESS. In some case, the resource usage is high enough to cause Splunk...

by Champion in

Splunk ESS Error Message

why do i get the following error ? Error loading file: Error loading file: /static/app/SplunkEnterpriseSecuritySui...

by Path Finder in

ESS 1.1.2 lookups

What lookups do external calls in the ESS 1.1.2 app?

by Splunk Employee in

ESS Training and Resources

Is there any good training or resources for ESS? My focus is on utilising ESS to develop relevant management dashboar...

by Engager in

Does Splunk ESS include correlation rules for malware activities?

Does Splunk ESS include, out of the box - functionalities that do not require any additional installation, correlatio...

by Engager in

ESS SEP, Check Point and TippingPoint TA Filters

Hi, We're using the above and I was wondering if it is possible to filter out some unneeded event data to decrease...

by Contributor in

splunk entreprise security suite

how to download,install and configure splunk entreprise security suite app

by Explorer in

Why do external ESS links fail in IE?

When I try to navigate to an external link (iframe) such as Virus Bulletin in ESS using Internet Explorer, I get the ...

by Builder in

In ESS's Incident Review dashboard why do my checkbox selections dissapear?

I noticed some weirdness with the Incident Review check-boxes. Sometimes I will have 1 or more check-boxes selected, ...

by Builder in

In ESS why does clicking on a "View Full Results" link show 0 events?

On various dashboard panels I see "View Full Results" links. Certain links result in 0 search results. How could this...

by Builder in

Why do results differ between ESS Security Posture and Incident Review dashboards?

Sometimes when I drill down on information displayed in the Security Posture dashboard there is a different number of...

by Builder in

How do I suppress possible typo in web.conf for ESS on 4.2

When I start my Splunk server I see Possible typo in stanza [settings] in $SPLUNK_HOME/etc/apps/SplunkEnterpriseS...

by Builder in

How do I configure ESS to report on Splunk authentication messages

I noticed that "splunk" authentication does not show up in the Access Center or the Access Search views. What gives?

by Builder in

Enterprise apps

Is the enterprise apps (ess,pci) included in the cost for enterprise, or do you have to buy them additionaly?

by Path Finder in

Add a comment field to an event

A user would like to click on the down arrow to the left of an event and leave a comment. I think I have seen this de...

by Explorer in

Does Splunk ESS include coverage for FISMA compliancy?

Does Splunk ESS include coverage for FISMA compliancy? And if so, what specifically within the ESS suite is specific ...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

PCI Compliance 11.5 - Monitoring files for changes

ES2 app installer not finding 2.0.2

Splunk Enterprise Security & Transit Heavy-Forwarder

Field extractor is unusually slow

Splunk ES indexer deployment

App for Enterprise Security

ESS - Creating notable event filters

Enterprise Security Suite

Deselecting checkboxes do not deselect

High CPU and memory usage with ESS (Enterprise Security Suite)

Splunk ESS Error Message

ESS 1.1.2 lookups

ESS Training and Resources

Does Splunk ESS include correlation rules for malware activities?

ESS SEP, Check Point and TippingPoint TA Filters

splunk entreprise security suite

Why do external ESS links fail in IE?

In ESS's Incident Review dashboard why do my checkbox selections dissapear?

In ESS why does clicking on a "View Full Results" link show 0 events?

Why do results differ between ESS Security Posture and Incident Review dashboards?

How do I suppress possible typo in web.conf for ESS on 4.2

How do I configure ESS to report on Splunk authentication messages

Enterprise apps

Add a comment field to an event

Does Splunk ESS include coverage for FISMA compliancy?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

How to handle Defender Incidents/Alerts with ES No...

Splunk Enterprise Security API support for update ...

Clarification on UBA Capability in Splunk Enterpri...

Findings Comments

Sendalert risk does not populate source_guid / sou...

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions