Splunk Enterprise Security

Community Activity
momomok
Hi, Ever since upgrading to ES 6.2, there has been a problem bugging our team. Whenever we select one of the notable ev...
by momomok Loves-to-Learn in Splunk Enterprise Security 09-05-2021
StanD3sec
I can CRUD threat intel collection rows with ESS REST API (such as /services/data/threat_intel/item/ip_intel), and I c...
by StanD3sec Loves-to-Learn in Splunk Enterprise Security 09-03-2021
SamHTexas
Need help with KVstore status. Why do I get "This health check item is not applicable" in MC in my ES while I have ma...
by SamHTexas Builder in Splunk Enterprise Security 09-03-2021
inayath_khanin1
Identity: 314 assets are currently exceeding the field limits set in the Asset and Identity Management page. Data tru...
by inayath_khanin1 Explorer in Splunk Enterprise Security 09-03-2021
dominikatvastli
Hi, I want to see my data in the ES dashboard Security Domains -> Endpoint -> Endpoint Changes. I created the following...
by dominikatvastli Path Finder in Splunk Enterprise Security 09-03-2021
SamHTexas
I'm getting indications that Splunk Ent. / ES was restarted. Is it possible to find when & by whom? Thank u very much f...
by SamHTexas Builder in Splunk Enterprise Security 09-02-2021
zacksoft_wf
Out of the data models provided with Enterprise Security, one of the accelerated data models suddenly has a very high ru...
by zacksoft_wf Contributor in Splunk Enterprise Security 09-02-2021
zyun
I'm looking to update an artifact in a custom function. The closest thing that's supported is being able to update a ...
by zyun Explorer in Splunk Enterprise Security 09-01-2021
SamHTexas
This posting did not let me share the search string due to it containing HTML code etc. Any advice is appreciated. Th...
by SamHTexas Builder in Splunk Enterprise Security 09-01-2021
SamHTexas
Why should data models all be accelerated? What about the built-in Data Models?
by SamHTexas Builder in Splunk Enterprise Security 09-01-2021
clueless535627
From a SOC perspective, what health checks are important for them to perform? I understand the basic checks from splun...
by clueless535627 New Member in Splunk Enterprise Security 08-30-2021
SamHTexas
I need to learn the process of configuring an app to use a certain Index please. Thank u 
by SamHTexas Builder in Splunk Enterprise Security 08-25-2021
SocAnalyst
Hello sir, I just installed the add-on "Alien vault check OTX" in my Splunk Enterprise. I have integrated my API key, b...
by SocAnalyst New Member in Splunk Enterprise Security 08-25-2021
VasukiPramod
Tokens in notable event titles and descriptions not getting expanded to include the values of the tokens on the Incid...
by VasukiPramod Explorer in Splunk Enterprise Security 08-24-2021
sahiltcs
We have onboarded Alicloud data in Splunk and looking for use cases creation. Is there any Alicloud use cases doc for...
by sahiltcs Path Finder in Splunk Enterprise Security 08-24-2021
lucanzano
Hello, we have created many custom correlation searches in our client's deployed instance. Right now they are creatin...
by lucanzano Loves-to-Learn Everything in Splunk Enterprise Security 08-24-2021
beriwalnishant
Hello You all talented people out there, May I request someone to please help me with a reference link or a video tha...
by beriwalnishant Path Finder in Splunk Enterprise Security 08-23-2021
SamHTexas
I get error messages in ES saying the API Key for app called MITRE ATT&CK needed to be corrected. I really have t...
by SamHTexas Builder in Splunk Enterprise Security 08-22-2021
jadengoho
Hi All, I would like to ask why do we encounter this notification: Root Cause(s): The percentage of high priority s...
by jadengoho Builder in Splunk Enterprise Security 08-21-2021
Matth3w
Hello all, Our Splunk Enterprise Security uses the following correlation search for the "Detect New Local Admin Accou...
by Matth3w New Member in Splunk Enterprise Security 08-20-2021
SamHTexas
I run the following to get a list of Saved / skipped searches thru the Monitoring console for my ES (Splunk ES). I ne...
by SamHTexas Builder in Splunk Enterprise Security 08-19-2021
prakashraja1999
What is the need of metadata files under /etc/apps/appname/metadata, why is it modified continuously? @all
by prakashraja1999 Loves-to-Learn Everything in Splunk Enterprise Security 08-18-2021
learnyboi1
Hello! I was asked to find what IP addressable devices are listening on port 80 on our network. Can I find this inform...
by learnyboi1 Observer in Splunk Enterprise Security 08-17-2021
lksridhar
Hi Folks, I have two lookup files which contain the user information such as username, email and company. For example: 1...
by lksridhar Explorer in Splunk Enterprise Security 08-17-2021
efheem
Hello, I have the below use case to detect Cleartext Passwords at rest | from datamodel:"Compute_Inventory"."Cleartext...
by efheem Explorer in Splunk Enterprise Security 08-17-2021