Splunk Enterprise Security

Discussions

Thread Info

Remove Entry From Incident Review Search List

An alert was deleted...it no longer shows up under Content Management, but it still shows up under the Incident Revie...

by New Member in

Bulk manage adaptive response (send email) for Content Management in ES

Since I have gone through and tuned a lot of the Content in ES, I am looking to see if anyone knows of a Bulk way to ...

by Explorer in

Using Splunk Stream Aggregation with Network Resolution Data Model

Hi, We are using Splunk Stream to get DNS logs into Splunk and it maps seamlessly with the Network Resolution Data ...

by Builder in

CIM help

I'm reviewing the logs to make sure the fields match the Splunk Enterprise Security CIM and datamodels. The query s...

by Builder in

How to fetch configured correlation data, query notable events, including associated correlation rules for an app?

How to fetch configured correlation data, Query notable events, including associated correlation rules for an app?

by Explorer in

Multiple incident creation on servicenow through splunk

Hi All, @renjith_nair I'm working on a requirement to create a Splunk ...

by Engager in

Accelerating CIM Validation (S.o.S.) datamodel results in error

After accelerating the CIM Validation (S.o.S.) DM and upon checking the pivot for any of the datasets results in an e...

by Motivator in

How to use a heavy forwarder to collect asset and identity information for Splunk Enterprise Security on Splunk Cloud?

HI! I'm following the following directions to try and set up assets and identities for Splunk Enterprise Security ...

by Explorer in

Strategies for populating watchlist field in Assets and Identity Framework

Can anyone please share some best practise or your own preferred method for populating the watchlist field in the ass...

by Motivator in

Splunk Fundamentals 1 Expired

I registered for the free splunk fundamentals one course. I was unable to complete it before it expired. How do I re-...

by New Member in

Normalize action field values

I have an index called firewall and sourcetypes of Palo Alto, Checkpoint and Fortinet routersThe configuration was ca...

by Builder in

found x unexpected values

I am using the APP "SA-cim_vladiator" and this message appears indicating that it has found unexpected values In th...

by Builder in

Does Splunk ES need the add-on and app or just the add-on?

Working on a new ES install. Does the ES search head need the app and add-on for each technology or just the add-on? ...

by Communicator in

Dedup with removal of null columns

I have a fairly complex query that ultimately outputs a large table with 23 fields and several dozen rows. Since the ...

by Engager in

Splunk Search from Command Line

Hi,I am trying to execute a simple Splunk search from command prompt using CURL.I am using a simple search command li...

by New Member in

Notable events aren't shown in Incident Review

I created correlation search and add Notable action as "Adaptive Response Actions". By running search there are som...

by Loves-to-Learn Everything in

Displaying an investigation on the Incident Review Dashboard

If I decided to create an Investigation in Splunk ES via the Investigation Workbench from the Investigations page ("C...

by Communicator in

How to calculate "ES volume in GB" given on the Instructions tab of the Splunk Cloud Migration Assessment App ?

by Motivator in

How to normalize the timechart data by time

I use the timechart to analyze the data and I want to normalize the data in the timechart ... | timechart span=3d c...

by Explorer in

Confirm data is in Splunk Enterprise security

Hi splunkers, I run splunk cloud and recently worked with Support to install Splunk Enterprise Security. Within ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Remove Entry From Incident Review Search List

Bulk manage adaptive response (send email) for Content Management in ES

Using Splunk Stream Aggregation with Network Resolution Data Model

CIM help

How to fetch configured correlation data, query notable events, including associated correlation rules for an app?

Multiple incident creation on servicenow through splunk

Accelerating CIM Validation (S.o.S.) datamodel results in error

How to use a heavy forwarder to collect asset and identity information for Splunk Enterprise Security on Splunk Cloud?

Strategies for populating watchlist field in Assets and Identity Framework

Splunk Fundamentals 1 Expired

Normalize action field values

found x unexpected values

Does Splunk ES need the add-on and app or just the add-on?

Dedup with removal of null columns

Splunk Search from Command Line

Notable events aren't shown in Incident Review

Displaying an investigation on the Incident Review Dashboard

How to calculate "ES volume in GB" given on the Instructions tab of the Splunk Cloud Migration Assessment App ?

How to normalize the timechart data by time

Confirm data is in Splunk Enterprise security

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Failed to fetch data: Unable to get wmi classes fr...

Enterprise Security - Correlation Search - Notable...

Enterprise Security Incident Review Default Filter...

Threat Intelligence Management - Wrong threat matc...

Can someone recommend a threat intel feed of malic...