Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Eventgen not taking my txt file from sample directory

Hi Everyone, I've added a txt file to SA-Eventgen sample folder and wrote the configuration in the eventgen.conf fi...

by Explorer in

Monitor network traffic

HI I would like to log network traffic for 10 servers in my environment for period of 60 day's and analyze it late...

by Engager in

Is this IP safe //127.0.0.1:8000/en-US/account/login?return_to=%2Fen-US%2F

I tried to log into slunk enterprise and was told by 2 web browsers chrome and edge that the security certificate had...

by Explorer in

port scan across multiple "_time" spans

Hi all, using the following: ${index+sourcetype-information} NOT src_ip IN ("10.*","127.*","192.168.*","172.16.0.0/...

by Loves-to-Learn Lots in

Clarification on search query to detect outliers

Hello fellow splunkers, I would like to ask you something regarding the function that most of the al...

by Explorer in

ES Sandbox is not available

Hi, I went through the creation process of ES sandbox, but I haven't received any mail about the created sandbox. B...

by Engager in

Want help in creating Splunk Query with specific conditions?

Hi Splunk Members, Good Day! I am looking for support to create a query with Windows Security Events Logs. Basica...

by Loves-to-Learn Lots in

Restrictions filter - Role restrict search

I created a Role with the following restriction: 1- origen::chile OR ( index::_audit AND user="secchi") But still...

by Loves-to-Learn Lots in

Using Authentication for Enterprise Security Threat Intelligence Feeds

Hey guys, I'm trying to add new threat feeds via ES Threat Intel Download. One of the feeds requires API token aut...

by Engager in

What are the CIM fields created by the Windows TA?

Hi, I´m looking for a list of all CIM fileds that are created by the Windows TA... I can´t find any doku... T...

by Path Finder in

Possible for one Splunk ES for different Splunk Enterprise?

Hi, Currently, my company has 2 sites (let's say Site A and Site B), and each of them have their own Splunk Enterpr...

by New Member in

STIX TAXII Data Not Showing On Some Days

The FS-ISAC Threat Intelligence STIX TAXII has been enabled in our environment. We received all IOCs from 4/2 but did...

by New Member in

How to apply Throttling based on a condition for a notable event generation?

Requirement 1 :Eg : I have a correlation search which generates , 2000 events with in 24 hours with the same Title "I...

by Path Finder in

Azure query

Hello I have this query: "| tstats `summariesonly` values(Authentication.app) as app,count from datamodel...

by Explorer in

Splunk Enterprise Security: How to add fields to notable event after invoking adaptive response action?

Hi, I am wondering if it is possible to have my adaptive response actions append fields to the notable which trigg...

by Explorer in

How can we monitor if a user clicked on a phishing link or button in an email?

Hi everybody, We have a stream forwarder which sends every mail that enters in an index. It contains everything fro...

by Communicator in

list of events alerted last month

With this query I can see the notable events that are currently active. But not everyone has been alerted even if t...

by Contributor in

Splunk Enterprise Security installation error

I have created web.conf file with [settings] max_upload_size = 1024. But im getting error that says [The entity sent ...

by Observer in

JSON to CIM mapping

Hi All, We have a scripted input, which indexes JSON data into Splunk and using SPATH we have writing our correlat...

by Explorer in

Splunk Web scripts and Splunk enterprise Scripts

Can someone help me understand the difference between Splunk Web and Splunk enterprise? and the Python scripts that i...

by Observer in

Splunk Enterprise Security

Discussions

Eventgen not taking my txt file from sample directory

Monitor network traffic

Is this IP safe //127.0.0.1:8000/en-US/account/login?return_to=%2Fen-US%2F

port scan across multiple "_time" spans

Clarification on search query to detect outliers

ES Sandbox is not available

Want help in creating Splunk Query with specific conditions?

Restrictions filter - Role restrict search

Using Authentication for Enterprise Security Threat Intelligence Feeds

What are the CIM fields created by the Windows TA?

Possible for one Splunk ES for different Splunk Enterprise?

STIX TAXII Data Not Showing On Some Days

How to apply Throttling based on a condition for a notable event generation?

Azure query

Splunk Enterprise Security: How to add fields to notable event after invoking adaptive response action?

How can we monitor if a user clicked on a phishing link or button in an email?

list of events alerted last month

Splunk Enterprise Security installation error

JSON to CIM mapping

Splunk Web scripts and Splunk enterprise Scripts

Is it possible to make it mandatory to assign Disp...

Unable to open some correlation rules in Splunk en...

PCI Compliance- Why is Incident Review blank?

Create Notable Event Error (reading 'value')

Using relative_time to filter results before writi...