Splunk Enterprise Security

Discussions

Thread Info

A Necessity of use cases related to Nessus and Windows.

Hi all, We have the necessity to implements alerts related to Nessus scans and Windows systems. We have seen a few of...

by New Member in

CIM compliance of data from two different sources

I have two set of questions on which I am looking for inputs. 1. I have data from multiple tables for an application....

by Path Finder in

Feature Request: restrict the KPIs of a glass table in ES on refresh interval

I would like to be able to restrict the KPIs of a glass table in ES on refresh interval. The refresh interval can...

by Explorer in

Splunk business questions

Hi Guys I am working for a new client that wants me to develop a monthly report/dashboard for their business. I am tr...

by Explorer in

How to upgrade splunk enterprise and enterprise security?

I have to upgrade splunk enterprise (from 7.2.6 to 8.0.1 ) and enterprise security (from 5.3.0 to 6.0.0) I am followi...

by Explorer in

Splunk Enterprise security version 6 having issues

Splunk Enterprise security version 6 having issues we get the errors in incident review with the SA-Threat Intell...

by New Member in

how to create incident from an triggered alert

Hi, I'm trying to create a alert action to create a incident when any alert gets triggered. Whats the best way to...

by Explorer in

How to control Report time range

I have some saved Splunk reports. I am calling these reports every hour by JAVA API call. If any hour due to some iss...

by Communicator in

ERROR X509 - X509 certificate alternate namedid not match any allowed names

Hi All, I have this issue that device is not logging to splunk. When I checked the splunkd.log I have found this e...

by New Member in

How to connect multiple instances of Cisco Firepowers to Splunk using eStreamer enCore

Hi, So, I have got 2 instances of Cisco Firepower management centers. I need to connect these 2 FMCs to our eStreamer...

by New Member in

Where to install Phantom Remote Search

Does the Phantom Remote Search app get installed on my Enterprise Security Search Head, a HEC server, or another serv...

by Explorer in

Free Courses for government personnel?

Does Splunk offer any additional courses for government personnel? Kind Regards, Mike

by New Member in

Splunk Enterprise Security Threat Intelligence does not have field "Organization"

From my threat intel source, we tried to forward the intelligence source to Splunk ES-> Threat Intelligence The ra...

by New Member in

Setup multiple layouts in ES incident review for various users

How to customize the ES Incident Review in a way: 1) Once logged in, users can only see the Incident Review Dashboard...

by Engager in

Splunk Enterprise Security: Is it possible to implement multi-tenancy in a distributed search environment?

Hello everybody. I deployed a Splunk Enterprise Security in a distributed environment for our customer. He also h...

by Communicator in

Universal Fowarder: Upgrade and switch to low privilege mode

Hey All, We are planning on moving all of our UF's to the low priv mode install but I had a question. Our curre...

by Builder in

Log Parsing is not happening for PaloAlto logs

Palo Alto firewall device (IPS and IDS only) is sending logs to rsyslog server and it gets saved in a directory. The ...

by Path Finder in

Need help with Configuring Splunk Add-on for Cisco ESA

Hello All, I have been going through Multiple posts but still not able to configure my Splunk Add-on for Cisco ESA...

by Explorer in

Problem integrating Infoblox in Splunk

Good Morning, I am implementing Infoblox logs in Splunk and it is giving me problems. I have 3 Splunk machines, on...

by New Member in

Enterprise Security: Why is signature a recommended field according to the cim validator?

The cim validator shows the signature field as a recommended field for the Authentication datamodel while the followi...

by Motivator in

Splunk Enterprise Security

Discussions

A Necessity of use cases related to Nessus and Windows.

CIM compliance of data from two different sources

Feature Request: restrict the KPIs of a glass table in ES on refresh interval

Splunk business questions

How to upgrade splunk enterprise and enterprise security?

Splunk Enterprise security version 6 having issues

how to create incident from an triggered alert

How to control Report time range

ERROR X509 - X509 certificate alternate namedid not match any allowed names

How to connect multiple instances of Cisco Firepowers to Splunk using eStreamer enCore

Where to install Phantom Remote Search

Free Courses for government personnel?

Splunk Enterprise Security Threat Intelligence does not have field "Organization"

Setup multiple layouts in ES incident review for various users

Splunk Enterprise Security: Is it possible to implement multi-tenancy in a distributed search environment?

Universal Fowarder: Upgrade and switch to low privilege mode

Log Parsing is not happening for PaloAlto logs

Need help with Configuring Splunk Add-on for Cisco ESA

Problem integrating Infoblox in Splunk

Enterprise Security: Why is signature a recommended field according to the cim validator?

How to create object of Glass Table

Incident Review page has been loading

entitymerge for identity_lookup_expanded doesn't p...

Host Header Attack

Malicious