Splunk Enterprise Security

Community Activity
mookiie2005
What is the latest stable release of Splunk 8.x? We are planning a version upgrade from 7.3.5 to 8.x. I have heard ...
by mookiie2005 Communicator in Splunk Enterprise Security 10-05-2021
renjujacob88
Hi Splunkers, In our environment, we have a couple of unwanted threat groups and threat category list populated in the...
by renjujacob88 Path Finder in Splunk Enterprise Security 09-30-2021
jacqu3sy
Hi, I have a final value in minutes, but I'd like to display this in a more user friendly manner, i.e., 1680 minutes...
by jacqu3sy Path Finder in Splunk Enterprise Security 09-30-2021
skippycat
When we create new alerts for testing, we have the correlation search create the notable event with a status of "Test...
by skippycat Engager in Splunk Enterprise Security 09-30-2021
vamshikn72
Hi Splunkers, How to create Incidents on SNOW from Splunk SPL? We have "ServiceNow Event Integration" alert action in...
by vamshikn72 Explorer in Splunk Enterprise Security 09-28-2021
splunker1980
So before the update (was v6.4.1) we would edit the incident in 'incident review' -> add a comment or change some st...
by splunker1980 New Member in Splunk Enterprise Security 09-27-2021
neerajs_81
Hi All, Any advice on how to go about finding coverage gaps in a typical ES installation? We are ingesting logs from AWS...
by neerajs_81 Builder in Splunk Enterprise Security 09-27-2021
Pavankumar
When I configuring threat feeds in ES. In Intelligence Downloads setting there is Maximum age for threat intel dow...
by Pavankumar Loves-to-Learn Lots in Splunk Enterprise Security 09-22-2021
SamHTexas
I have Monitoring Console in distributed mode on my Cluster Master. Need to learn how do I configure it to show Alert...
by SamHTexas Builder in Splunk Enterprise Security 09-22-2021
zacksoft_wf
I have an eventtype that I want to delete, but before that I want to make sure that the eventtype isn't used anywhere...
by zacksoft_wf Contributor in Splunk Enterprise Security 09-21-2021
neerajs_81
Hi All, Under Incident Review, is there a way to merge/consolidate triggered alerts of the same type and same host in...
by neerajs_81 Builder in Splunk Enterprise Security 09-21-2021
Denorsmith
I am trying to add a dashboard to the action dropdown when you are in incident review under specific notables. How do...
by Denorsmith Engager in Splunk Enterprise Security 09-21-2021
m1ster1985
I have installed Enterprise Security App. I review Security Domain, in particular, Access and Network sections and I ...
by m1ster1985 Explorer in Splunk Enterprise Security 09-21-2021
Azeemering
Hi, I'm trying to upload a simple list of malicious filenames into ES Threat Intel. I have a csv file which I formatted...
by Azeemering Builder in Splunk Enterprise Security 09-20-2021
paola92
I tried to retrieve assets information of ldap so I used the search (I know that I must not use search nt_host...)...
by paola92 Explorer in Splunk Enterprise Security 09-19-2021
zyun
We're currently using Splunk ES, and would like to grab the link to a notable event's drilldown link on the ES Incide...
by zyun Explorer in Splunk Enterprise Security 09-17-2021
securitypaul
Hello! Can anyone please lend a hand with this issue? I'm still fairly new to this and am working my way through Fund...
by securitypaul Explorer in Splunk Enterprise Security 09-17-2021
sayantabasak
Hello, I wanted to reach out to you for assistance on Splunk ES threat_intel searches. Objective: We have endpoint ...
by sayantabasak Explorer in Splunk Enterprise Security 09-17-2021
mjgeneroso
Hi, I want to set up my 7-day trial Splunk Enterprise Security Sandbox. But when I click the start trial, I am gettin...
by mjgeneroso New Member in Splunk Enterprise Security 09-17-2021
dokaas_2
I'm in the process of implementing Splunk ES. We are using the Splunk_TA_windows and use the generate_windows_update...
by dokaas_2 Communicator in Splunk Enterprise Security 09-16-2021
xnx_1012
Hi, Based on my understanding, from the Splunk Guide, https://docs.splunk.com/Documentation/ES/6.6.0/Admin/Configureco...
by xnx_1012 Explorer in Splunk Enterprise Security 09-16-2021
xnx_1012
Hi to whomever finds this. The incident management review settings has repeated events. What I did? I purpose logged in wit...
by xnx_1012 Explorer in Splunk Enterprise Security 09-15-2021
vr2312
After building a project/add-on based on the Standard naming convention of Splunk, I am facing the issue where I have...
by vr2312 Builder in Splunk Enterprise Security 09-15-2021
soumyasaha25
I would have to move my custom Correlation rules to a custom TA-foo app. My correlation searches comprise: custom r...
by soumyasaha25 Contributor in Splunk Enterprise Security 09-15-2021
hperez
I created a correlation search with only two pipes, table and rename. I added inline table to the email notification ...
by hperez Explorer in Splunk Enterprise Security 09-13-2021