Splunk Enterprise Security

Community Activity
emkaxon
Hello, we're facing an issue when events are forwarded from Splunk to Phantom, multiple artifacts are being generate...
by emkaxon New Member in Splunk Enterprise Security 03-22-2022
0 6
samin
Is there any Enterprise Security (ES) alternative of the use case 'New Cloud API Call Per Peer Group'?  
by samin Engager in Splunk Enterprise Security 03-20-2022
0 0
beano501
Running CIM 5.0 and was looking to do some reporting on users/groups added to security groups (information provided b...
by beano501 Explorer in Splunk Enterprise Security 03-19-2022
0 0
PebbleHG
I have a team that wants specific notables to be automatically assigned to specific team members. Is this even possi...
by PebbleHG Engager in Splunk Enterprise Security 03-18-2022
0 2
jpatwary
When trying to enable aws_description_tasks, I'm finding it in the logs that it is erroring out due to 'Connection re...
by jpatwary New Member in Splunk Enterprise Security 03-17-2022
0 0
nabeel652
Hi guys, in Splunk ES there is a correlation search "Excessive Failed Logins" which has time range set to latest=rt-5m@...
by nabeel652 Builder in Splunk Enterprise Security 03-17-2022
0 6
jkaracan
Hi Team, We notice that the page below is no longer available. https://www.splunk.com/en_us/product-security/announceme...
by jkaracan Loves-to-Learn in Splunk Enterprise Security 03-16-2022
0 1
kokanne
I'm trying to make a use case where it will alert when there are several attempts of failed logins and one of them suc...
by kokanne Communicator in Splunk Enterprise Security 03-16-2022
0 6
南盾
I configured the SMTP domain name, so why is the alert mailbox not receiving anything?
by 南盾 Observer in Splunk Enterprise Security 03-15-2022
0 0
canalesjac
I would like to retrieve data from Solarwinds when events trigger via Syslog. I know you can use the Solarwinds Splunk A...
by canalesjac Path Finder in Splunk Enterprise Security 03-15-2022
0 5
hettervik
In Splunk ES we have correlation searches creating notable events. The timestamp of the notable event, and thus the t...
by hettervik Builder in Splunk Enterprise Security 03-15-2022
0 0
sandyvaldez
I need to stop ingesting from 1 of 4 of my firewalls. The path of our architecture is  firewalls >>>syslog>>>>deploym...
by sandyvaldez Loves-to-Learn in Splunk Enterprise Security 03-11-2022
0 3
b_chris21
Hello everyone, I have set an Adaptive Response Action (custom bash script) along with a Notable event on a simple co...
by b_chris21 Communicator in Splunk Enterprise Security 03-11-2022
0 3
woodcock
I see 3 different apps from 3 different authors on splunkbase for Microsoft Windows Defender ATP; which one is the o...
by Esteemed Legend in Splunk Enterprise Security 03-09-2022
1 5
chidiuchegbu
I have set up Microsoft Defender for Endpoint inputs with many add-ons but it looks as though most of the add-ons are no...
by chidiuchegbu Loves-to-Learn Everything in Splunk Enterprise Security 03-08-2022
0 0
sshukla2505
Hi, So, I have got 2 instances of Cisco Firepower management centers. I need to connect these 2 FMCs to our eStreamer...
by sshukla2505 New Member in Splunk Enterprise Security 03-04-2022
0 9
ritesh5040
1. Which firewall port is used for SPLUNK integration with EPM SaaS? 2. Any idea about the volume of events received in ...
by ritesh5040 Loves-to-Learn in Splunk Enterprise Security 03-03-2022
0 0
b_chris21
Hello everyone, I have a correlation search setup to detect Suricata IDS alerts of a specific severity and trigger a ...
by b_chris21 Communicator in Splunk Enterprise Security 03-03-2022
0 1
bapun18
I want to export the result of a Splunk dashboard and authentication would be via SSO/SAML. I can provide the usernam...
by bapun18 Communicator in Splunk Enterprise Security 03-01-2022
0 0
beano501
We have lots of firewalls (both internal and internet facing) feeding into our CIM Network_Traffic Model within Enter...
by beano501 Explorer in Splunk Enterprise Security 03-01-2022
0 2
sohailmohammed
Hi All, I have created a newly created field/field alias/field extraction with GLOBAL Permissions. Example | eval test...
by sohailmohammed Path Finder in Splunk Enterprise Security 03-01-2022
0 0
michaeltayo
I am trying to add Threat Intelligence to my Splunk ES via the HISAC TAXII discovery service. I have set up the Intell...
by michaeltayo Explorer in Splunk Enterprise Security 02-24-2022
1 1
zacksoft_wf
I have this 'Email' Data Model in ES. The model is populated by macro and tags (2 eventtypes populated by saved search...
by zacksoft_wf Contributor in Splunk Enterprise Security 02-23-2022
0 9
Stefanie
I've been investigating why I started to not receive ES events for some time now. After upgrading ES, I had to reins...
by Stefanie Builder in Splunk Enterprise Security 02-22-2022
0 1
sahana
Hi, I have a requirement as below. TimeStampLoginUsersAvg SLAMin SLA Max SLA20-02-2022 11:3035113.420-02-2022 1...
by sahana Engager in Splunk Enterprise Security 02-22-2022
0 2