Splunk Enterprise Security

Community Activity
rafiki
Hi folks, A user in my company discovered that the pre-built list of Correlation-Searches in the filter on the Inciden...
by rafiki Explorer in Splunk Enterprise Security 12-03-2021
1 5
pavanbmishra
Hi SMEs, I am trying to write regex to parse/map CEF format fields as below, so that all corresponding fieldname can ...
by pavanbmishra Path Finder in Splunk Enterprise Security 12-01-2021
0 2
erikhansen29
Hi All. Hopefully somebody has an answer to this. We are on v8.1.6 and in doing some security cleanup, I was removing ...
by erikhansen29 New Member in Splunk Enterprise Security 11-30-2021
0 0
SIEMStudent
Hi Splunkers, I'm in trouble with a correlation rule creation. The purpose of the rule is the following one: if a User...
by SIEMStudent Path Finder in Splunk Enterprise Security 11-30-2021
0 0
soumyasaha25
I have disabled a few of the Correlation searches and would like to delete them from the "Top Notable Events" panel i...
by soumyasaha25 Contributor in Splunk Enterprise Security 11-29-2021
0 0
comantxe
Hello, I just configured a new Custom Threat Intelligence feed in Splunk Enterprise Security and I'm getting a strange...
by comantxe New Member in Splunk Enterprise Security 11-24-2021
0 0
SamHTexas
Please help me with learning what dependencies does Splunk Security Essentials App (SSE) have on ES & ES content updat...
by SamHTexas Builder in Splunk Enterprise Security 11-24-2021
0 0
Stefanie
Hey! We upgraded Splunk Enterprise Security to the latest version a few weeks ago. Before, it was on Version 4.x I b...
by Stefanie Builder in Splunk Enterprise Security 11-23-2021
0 1
Prachi_Kothari
Hello, Hope you are doing well! I have updated existing correlation alert in Splunk as notable event which previously...
by Prachi_Kothari Engager in Splunk Enterprise Security 11-22-2021
0 1
cybersej
Hi Everyone, I set Splunk (on Windows) lab environment because try something threat activity. I need to take PowerShell ...
by cybersej Observer in Splunk Enterprise Security 11-22-2021
0 0
jacqu3sy
Hi, Within Splunk Enterprise Security, when the urgency of a notable event is calculated, the priority of the identi...
by jacqu3sy Path Finder in Splunk Enterprise Security 11-16-2021
0 7
damode
Does ES also come with SSE app features like Analytics Advisor, Content Recommendations, Data inventory, CIM complia...
by damode Motivator in Splunk Enterprise Security 11-15-2021
0 3
pchintha
Hi, I am having some logs that come in XML format for Privileged Access Manager, I need to extract the fields by default...
by pchintha Engager in Splunk Enterprise Security 11-14-2021
0 0
HA-01
I tried to get data using Google Workspace Add-on, but the following error occurs. Could you please tell me how to re...
by HA-01 Splunk Employee in Splunk Enterprise Security 11-14-2021
0 2
SIEMStudent
Hi everybody. Currently, we have a task which involves QRadar correlation rules translation to Splunk ones. The Splunk r...
by SIEMStudent Path Finder in Splunk Enterprise Security 11-12-2021
0 0
NightShark
I have a problem where an admin role user cannot see another analyst user to assign specific notable events to. Howev...
by NightShark Path Finder in Splunk Enterprise Security 11-12-2021
0 1
So76
Hey, has anyone created a search that merges an ipadd from threat intel and ipadd from azure so it'll trigger an aler...
by So76 Explorer in Splunk Enterprise Security 11-12-2021
1 1
cfcvendorsuppor
Hello, I'm trying to force an app to use python 2.7 on a Splunk 8 with enterprise security. The config in server.co...
by cfcvendorsuppor Explorer in Splunk Enterprise Security 11-11-2021
1 9
gkeller
Hi everyone, We're using the Splunk Python SDK to run queries in Splunk. However, we seem to be getting the results in ...
by gkeller Explorer in Splunk Enterprise Security 11-10-2021
1 1
prashant_001
I have a list of servers, I need a query to check whether Splunk is getting data from the server or not?
by prashant_001 Observer in Splunk Enterprise Security 11-10-2021
0 1
kanam
I install Splunk ES v5.3.1 on Enterprise v7.3.7.1, then I want to open "Incident Review". However the page has been lo...
by kanam Loves-to-Learn Everything in Splunk Enterprise Security 11-08-2021
0 1
andrew_burnett
What happened to the ES Sandbox? I can no longer find it to sign up for it.
by andrew_burnett Path Finder in Splunk Enterprise Security 11-08-2021
0 0
neerajs_81
Hello, I have followed https://docs.splunk.com/Documentation/ES/6.6.2/Admin/Customizenotables and created Additional F...
by neerajs_81 Builder in Splunk Enterprise Security 11-05-2021
1 1
woodentree
Hello, For internal control, we have to monitor all deactivations and all suppressions of correlation searches. Unfo...
by woodentree Communicator in Splunk Enterprise Security 11-05-2021
1 2
sheenay
Hey Guys, We are in a Splunk Cloud environment with ES, and we have added our own TAXII feed as well as some open sou...
by sheenay Explorer in Splunk Enterprise Security 11-04-2021
1 3