Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Extracting field with different type of data

Hi All, Hope you all are doing good. I am trying to extract a field which the different types of data. I want to ...

by Explorer in

Visualisation : Single Value with Trendline

Hi, Im trying to create a single value with trendline visualisation, where I want to compare the difference between...

by Path Finder in

How to know all the Contents created from a specific data model in Splunk Enterprise Security ?

I want to list all the 'Authentication' related content we have created in the ES App.Is there any SPL query to get t...

by Contributor in

Authentication Data model duplication of logs issue from 2 sourcetypes

I have one 1 primary index namely azure with 2 sourcetypes namely: mscs:kube-good and mscs:kube-audit-good. I believ...

by Path Finder in

How do I lookup the Name & IP addresses of my Splunk instances. Am using the following for ES but don't get the IP. Thx

The following do not give the IP for the Splunk Enterprise Security (ES). Is there a better SPL to provide the list o...

by Builder in

How to troubleshoot when KVStore is failed

Hi, I deployed Splunk distributed topology. Now my server Search Head has issue: KVStore is on failed state (it mak...

by Explorer in

Threat Activity Detected Notable not triggered

Hello everyone, I have added an IP on local_intel_ip.csv and it now appears on Threat Artifact panel. The correlati...

by Communicator in

I am setting up Authentication datamodel that have Default, insecure and Privileged Authentication

How will I set up a data model that has Authentication and sub-sessions Default, insecure and Privileged Authenticati...

by Path Finder in

Notable urgency not registering correctly

Hi, According to the Splunk Docs page How urgency is assigned to notable events in Splunk Enterprise Security if I ...

by Communicator in

Add-on for Atlassian JIRA Service Desk alert action : Jira ticket creation from Splunk failed

Hi, i m getting the below error when i m trying to create a ticket from splunk. i m passing this value in custom fiel...

by Observer in

What is the purpose of ess_admin role in splunk ES when it is advised not to assign it to users?

I'm trying to get why ess-admin role is present when it should not be assigned to users?

by Explorer in

Splunk Integration with CAUIM monitoring tools

Hi There Experts , In our current environment we have Splunk Integration with CA UIM monitoring tools to send Splu...

by Loves-to-Learn in

Looking for O365 use cases in Splunk

I am looking for O365 use cases related to MS teams, Sharepoint, Exchange , One drive, Currently data is populate in ...

by Path Finder in

Can I create out of box use cases from Splunk CIM data models ?

Is it possible to use data models from Common Information Model to use cases in splunk, if so, how can we do that

by New Member in

Default Threat Intelligence feeds not visible in ES

Hello,As per ES official documentation, it says below threat intel feeds are enabled by default. Mozill...

by Builder in

Splunk correlation search with throttling generating duplicates on an ES clustered environment

We recently moved from a stand-alone ES splunk search head to a clustered splunk ES search head, and we've started to...

by Contributor in

What is the latest stable release of splunk 8.x? I have heard of some stability issues.

What is the latest stable release of splunk 8.x? We are planning a version upgrade from 7.3.5 to 8.x. I have heard ...

by Communicator in

How to remove the unwanted threat group and threat category list from the dropdown of the threat activity feed? And also how to remove the data from ip_intel list ?

HI Splunkers, In our environment, We have couple of unwanted threat groups and threat category list populated in t...

by Path Finder in

Can I convert duration in minutes into days, hours, minutes

Hi, I have a final value in minutes, but I'd like to display this in a more user friendly manner, i.e; 1680 min...

by Path Finder in

Status Changing on Old Notable Events

When we create new alerts for testing, we have the correlation search create the notable event with a status of "Test...

by Engager in

ServiceNow Event Integration

Hi Splunkers, How to create Incidents on SNOW from Splunk SPL? We have "ServiceNow Event Integration" alert action in...

by Explorer in

updated to newer SES version = added step when editing a notable :(

so before the update (was v6.4.1) we would edit the incident in 'incident review' -> add a comment or change some st...

by New Member in

Setup Validation & Review

Hi All,Any advice on how to go about finding coverage gaps in a typical ES installation ?We r ingesting logs from AWS...

by Builder in

In Intelligence Downloads setting what is Maximum age?

When I configuring threat feeds in ES . In Intelligence Downloads setting there is Maximum age for threat intel dow...

by Loves-to-Learn Lots in

How do I configure MC to show me the Alerts & warnings I get on the Enterprise Security (ES)? Thanks a million.

I have Monitoring Console in distributed mode on my Cluster Master. Need to learn how do I configure it to show Alert...

by Builder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Extracting field with different type of data

Visualisation : Single Value with Trendline

How to know all the Contents created from a specific data model in Splunk Enterprise Security ?

Authentication Data model duplication of logs issue from 2 sourcetypes

How do I lookup the Name & IP addresses of my Splunk instances. Am using the following for ES but don't get the IP. Thx

How to troubleshoot when KVStore is failed

Threat Activity Detected Notable not triggered

I am setting up Authentication datamodel that have Default, insecure and Privileged Authentication

Notable urgency not registering correctly

Add-on for Atlassian JIRA Service Desk alert action : Jira ticket creation from Splunk failed

What is the purpose of ess_admin role in splunk ES when it is advised not to assign it to users?

Splunk Integration with CAUIM monitoring tools

Looking for O365 use cases in Splunk

Can I create out of box use cases from Splunk CIM data models ?

Default Threat Intelligence feeds not visible in ES

Splunk correlation search with throttling generating duplicates on an ES clustered environment

What is the latest stable release of splunk 8.x? I have heard of some stability issues.

How to remove the unwanted threat group and threat category list from the dropdown of the threat activity feed? And also how to remove the data from ip_intel list ?

Can I convert duration in minutes into days, hours, minutes

Status Changing on Old Notable Events

ServiceNow Event Integration

updated to newer SES version = added step when editing a notable :(

Setup Validation & Review

In Intelligence Downloads setting what is Maximum age?

How do I configure MC to show me the Alerts & warnings I get on the Enterprise Security (ES)? Thanks a million.

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions