Splunk Enterprise Security

Community Activity
samogar
Hi, I have been trying to deploy the Enterprise Security 7 days free trial Sandbox for days now without success. Each...
by samogar New Member in Splunk Enterprise Security 01-13-2022
SamHTexas
Have a few Windows servers that I need to enable file monitoring on to be sending logs to Splunk Ent. server. I could ...
by SamHTexas Builder in Splunk Enterprise Security 01-12-2022
Stefanie
I am unable to make the Threat Intelligence input for hailataxii work using on-prem Splunk Enterprise. Splunk Enterpr...
by Stefanie Builder in Splunk Enterprise Security 01-10-2022
neerajs_81
Hello, has anyone configured Proofpoint ET or VirusTotal Adaptive response action in ES? Basically look up the des...
by neerajs_81 Builder in Splunk Enterprise Security 01-10-2022
thatsabhijeet
<query>index=index_test| dedup empID| eval tot = case (match('call.code' , "1") OR match('call.code' , "2") OR match(...
by thatsabhijeet Explorer in Splunk Enterprise Security 01-06-2022
SamHTexas
I have read on Splunk.com that Ent. reports don't satisfy use cases the ones on the ES. And that they should not be c...
by SamHTexas Builder in Splunk Enterprise Security 01-06-2022
StepbyStep82
I'm pretty new to Splunk and have currently been tasked to startup an App and am outfitting a dashboard for my team. I...
by StepbyStep82 New Member in Splunk Enterprise Security 01-05-2022
dan_
Hi All, In Splunk, is it possible to keep restriction not to edit ownership once the notable already assigned to some ...
by dan_ Loves-to-Learn Lots in Splunk Enterprise Security 01-04-2022
NightShark
Greetings Splunkers, I have recently started having triggered alerts from a couple of correlation searches that when a...
by NightShark Path Finder in Splunk Enterprise Security 01-04-2022
SamHTexas
We have a ton of reports on the Splunk Ent. & I need to find if any are not finishing due to an error. Some reports a...
by SamHTexas Builder in Splunk Enterprise Security 01-04-2022
SamHTexas
I have a ton of reports on the Ent. & like to synch them with ES to save time recreating them. Which is better synchi...
by SamHTexas Builder in Splunk Enterprise Security 01-04-2022
0x33kdg
Hi, I checked Splunkbase for an integration with an intel feed reader we use, Obstract (https://www.obstracts.com/), ...
by 0x33kdg New Member in Splunk Enterprise Security 01-03-2022
So76
Need help on enterprise security. Is there a way to create a standard TAXII Parser that can do correlation searches o...
by So76 Explorer in Splunk Enterprise Security 01-02-2022
russell120
I have a strange issue where when I run a tstats query against a data model for the last 7 days in smart mode, 24mill...
by russell120 Communicator in Splunk Enterprise Security 01-02-2022
sdawood
I assume that I need to install Splunk Enterprise Security 1. Is my assumption correct? 2. It says Contact Sales wh...
by sdawood Engager in Splunk Enterprise Security 12-31-2021
javierssh
Hi, I am trying to utilize the Splunk Enterprise Security 7-Day Trial, through this link: https://www.splunk.com/en_us...
by javierssh New Member in Splunk Enterprise Security 12-30-2021
mtaylor10
I have a correlation search created.  However, I want to exclude files from being alerted upon.  I have an lookup fil...
by mtaylor10 Engager in Splunk Enterprise Security 12-29-2021
ganesh_crms
how to get splunk ES 7-Day sandbox?
by ganesh_crms New Member in Splunk Enterprise Security 12-28-2021
alan_s
When restart the search head, Incident_review very very slow
by alan_s Loves-to-Learn in Splunk Enterprise Security 12-28-2021
wgawhh5hbnht
We have a SHC of three members & 1 Enterprise Security. Prior to 8.0 each were running their own datamodels. Now that...
by wgawhh5hbnht Communicator in Splunk Enterprise Security 12-28-2021
shaquibk
Hi All, I need to improve the performance of my below search, which currently completes in about 132sec. The search lo...
by shaquibk Explorer in Splunk Enterprise Security 12-28-2021
SamHTexas
I have started getting Event processing errors in the MC & messages on the ES main page. I looked for skipped & delay...
by SamHTexas Builder in Splunk Enterprise Security 12-22-2021
FloSwiip
Hello, Working on a threatq list which takes more than 1min to be generated, I was always looping in splunk with : ...
by FloSwiip Path Finder in Splunk Enterprise Security 12-22-2021
SamHTexas
Need help with a solution for errors I get saying "unrecoverable in the server.....Python 3.x.... " when downloading ...
by SamHTexas Builder in Splunk Enterprise Security 12-21-2021
SamHTexas
I am looking for a great Alert manager Add-on for ES. To ingest MS Azure AD Alerts data into ES. There are 2 of them ...
by SamHTexas Builder in Splunk Enterprise Security 12-21-2021