Splunk Enterprise Security
Community Activity
b_chris21
Hello all, I am struggling with customizing my Splunk ES's Incident Review panel. I have integrated Suricata IDS logs ...
by b_chris21 Communicator in Splunk Enterprise Security 09-13-2021
0 1
SamHTexas
I am getting started using DS to deploy new configurations to UFs. Need to view the list of Server classes, what the...
by SamHTexas Builder in Splunk Enterprise Security 09-13-2021
0 2
canalesjac
I’m running VMware Horizon View 7 in my organization. Now with COVID-19 Shelter in place we all need to WFH. How do I...
by canalesjac Path Finder in Splunk Enterprise Security 09-10-2021
3 13
SamHTexas
I notice some include .csv files. Do these .csv s need updating? Or do they stay stale? How are Data sets updated? Pl...
by SamHTexas Builder in Splunk Enterprise Security 09-10-2021
0 3
stwong
Hi all, Just note that the macro `cim_Authentication_indexes` of Splunk_SA_CIM has definition like following: [cim_Auth...
by stwong Communicator in Splunk Enterprise Security 09-09-2021
0 6
xnx_1012
Hello, Whenever I tried to create a notable event by "Configure -> Incident Management -> New Notable Event", the web...
by xnx_1012 Explorer in Splunk Enterprise Security 09-09-2021
0 0
vamshikn72
Hello Splunkers, I am looking for an html page in a dashboard with ID, ID_Name, and other fields with Text box, dropdo...
by vamshikn72 Explorer in Splunk Enterprise Security 09-08-2021
0 0
akashsaxena454
How can I integrate Trend Micro Apex One with Splunk Enterprise?
by akashsaxena454 New Member in Splunk Enterprise Security 09-08-2021
0 0
saharzare
I see this: /opt/splunk/etc/apps/splunk_essentials_8_2/appserver/static/exampleInfo.json differs /opt/splunk/etc/apps/s...
by saharzare Engager in Splunk Enterprise Security 09-07-2021
0 1
momomok
Hi, Ever since upgrading to ES 6.2, there has been a problem bugging our team. Whenever we select one of the notable ev...
by momomok Loves-to-Learn in Splunk Enterprise Security 09-05-2021
0 0
StanD3sec
I can CRUD threat intel collection rows with ESS REST API (such as /services/data/threat_intel/item/ip_intel), and I c...
by StanD3sec Loves-to-Learn in Splunk Enterprise Security 09-03-2021
0 0
SamHTexas
Need help with KVstore status. Why do I get "This health check item is not applicable" in MC in my ES while I have ma...
by SamHTexas Builder in Splunk Enterprise Security 09-03-2021
0 1
inayath_khanin1
Identity: 314 assets are currently exceeding the field limits set in the Asset and Identity Management page. Data tru...
by inayath_khanin1 Explorer in Splunk Enterprise Security 09-03-2021
0 2
dominikatvastli
Hi, I want to see my data in the ES dashboard Security Domains -> Endpoint -> Endpoint Changes. I created the following...
by dominikatvastli Path Finder in Splunk Enterprise Security 09-03-2021
0 2
SamHTexas
I am getting indications that Splunk Ent. / ES was restarted. Is it possible to find when & by whom? Thank you very much f...
by SamHTexas Builder in Splunk Enterprise Security 09-02-2021
0 1
zacksoft_wf
Out of the dataModels provided with Enterprise Security, one of the accelerated datamodel suddenly has a very high ru...
by zacksoft_wf Contributor in Splunk Enterprise Security 09-02-2021
0 5
zyun
I'm looking to update an artifact in a custom function. The closest thing that's supported is being able to update a ...
by zyun Explorer in Splunk Enterprise Security 09-01-2021
0 0
SamHTexas
This posting did not let me share the search string due to it containing HTML code etc. Any advice is appreciated. Th...
by SamHTexas Builder in Splunk Enterprise Security 09-01-2021
0 0
SamHTexas
Why should data models all be accelerated? What about the built-in Data Models?
by SamHTexas Builder in Splunk Enterprise Security 09-01-2021
0 1
clueless535627
From a SOC perspective, what health checks are important for them to perform? I understand the basic checks from splun...
by clueless535627 New Member in Splunk Enterprise Security 08-30-2021
0 0
SamHTexas
I need to learn the process of configuring an app to use a certain Index please. Thank you
by SamHTexas Builder in Splunk Enterprise Security 08-25-2021
0 1
SocAnalyst
Hello sir, I just installed the add-on "Alien vault check OTX" in my Splunk Enterprise. I have integrated my API key, b...
by SocAnalyst New Member in Splunk Enterprise Security 08-25-2021
0 0
VasukiPramod
Tokens in notable event titles and descriptions not getting expanded to include the values of the tokens on the Incid...
by VasukiPramod Explorer in Splunk Enterprise Security 08-24-2021
0 6
sahiltcs
We have onboarded Alicloud data in Splunk and looking for use cases creation. Is there any Alicloud use cases doc for...
by sahiltcs Path Finder in Splunk Enterprise Security 08-24-2021
0 0
lucanzano
Hello, we have created many custom correlation searches in our client's deployed instance. Right now they are creatin...
by lucanzano Loves-to-Learn Everything in Splunk Enterprise Security 08-24-2021
0 3