Splunk Enterprise Security
Community Activity
paola92
I tried to retrieve assets information of ldap so I used the search (I know that I must not use search nt_host...)...
by paola92 Explorer in Splunk Enterprise Security 09-19-2021
0 4
zyun
We're currently using Splunk ES, and would like to grab the link to a notable event's drilldown link on the ES Incide...
by zyun Explorer in Splunk Enterprise Security 09-17-2021
0 1
securitypaul
Hello! Can anyone please lend a hand with this issue? I'm still fairly new to this and am working my way through Fund...
by securitypaul Explorer in Splunk Enterprise Security 09-17-2021
0 3
sayantabasak
Hello, I wanted to reach out to you for assistance on Splunk ES threat_intel searches. Objective: We have endpoint ...
by sayantabasak Explorer in Splunk Enterprise Security 09-17-2021
1 1
mjgeneroso
Hi, I want to set up my 7-day trial Splunk Enterprise Security Sandbox. But when I click the start trial, I am gettin...
by mjgeneroso New Member in Splunk Enterprise Security 09-17-2021
0 0
dokaas_2
I'm in the process of implementing Splunk ES. We are using the Splunk_TA_windows and use the generate_windows_update...
by dokaas_2 Communicator in Splunk Enterprise Security 09-16-2021
0 0
xnx_1012
Hi, Based on my understanding, from the Splunk Guide, https://docs.splunk.com/Documentation/ES/6.6.0/Admin/Configureco...
by xnx_1012 Explorer in Splunk Enterprise Security 09-16-2021
0 6
xnx_1012
Hi to whomever finds this. The incident management review settings has repeated events. What I did? I purposely logged in wit...
by xnx_1012 Explorer in Splunk Enterprise Security 09-15-2021
0 0
vr2312
After building a project/add-on based on the standard naming convention of Splunk, I am facing the issue where I have...
by vr2312 Builder in Splunk Enterprise Security 09-15-2021
0 2
soumyasaha25
I would have to move my custom Correlation rules to a custom TA-foo app. My correlation searches comprise: custom r...
by soumyasaha25 Contributor in Splunk Enterprise Security 09-15-2021
0 1
hperez
I created a correlation search with only two pipes, table and rename. I added inline table to the email notification ...
by hperez Explorer in Splunk Enterprise Security 09-13-2021
0 1
b_chris21
Hello all, I am struggling with customizing my Splunk ES's Incident Review panel. I have integrated Suricata IDS logs ...
by b_chris21 Communicator in Splunk Enterprise Security 09-13-2021
0 1
SamHTexas
I am getting started using DS to deploy new configurations to UFs. Need to view the list of Server classes, what the...
by SamHTexas Builder in Splunk Enterprise Security 09-13-2021
0 2
canalesjac
I’m running VMWare Horizon View 7 in my organization. Now with COVID-19 Shelter in place we all need to WFH. How do I...
by canalesjac Path Finder in Splunk Enterprise Security 09-10-2021
3 13
SamHTexas
I notice some include .csv files. Do these .csv s need updating? Or do they stay stale? How are Data sets updated? Pl...
by SamHTexas Builder in Splunk Enterprise Security 09-10-2021
0 3
stwong
Hi all, Just note that the macro `cim_Authentication_indexes` of Splunk_SA_CIM has a definition like the following: [cim_Auth...
by stwong Communicator in Splunk Enterprise Security 09-09-2021
0 6
xnx_1012
Hello, Whenever I tried to create a notable event by "Configure -> Incident Management -> New Notable Event", the web...
by xnx_1012 Explorer in Splunk Enterprise Security 09-09-2021
0 0
vamshikn72
Hello Splunkers, I am looking for an html page in a dashboard with ID, ID_Name, and other fields with Text box, dropdo...
by vamshikn72 Explorer in Splunk Enterprise Security 09-08-2021
0 0
akashsaxena454
How can I integrate Trend Micro Apex One with Splunk Enterprise?
by akashsaxena454 New Member in Splunk Enterprise Security 09-08-2021
0 0
saharzare
I see this: /opt/splunk/etc/apps/splunk_essentials_8_2/appserver/static/exampleInfo.json differs /opt/splunk/etc/apps/s...
by saharzare Engager in Splunk Enterprise Security 09-07-2021
0 1
momomok
Hi, Ever since upgrading to ES 6.2, there has been a problem bugging our team. Whenever we select one of the notable ev...
by momomok Loves-to-Learn in Splunk Enterprise Security 09-05-2021
0 0
StanD3sec
I can CRUD threat intel collection rows with ESS REST API (such as /services/data/threat_intel/item/ip_intel), and I c...
by StanD3sec Loves-to-Learn in Splunk Enterprise Security 09-03-2021
0 0
SamHTexas
Need help with KVstore status. Why do I get "This health check item is not applicable" in MC in my ES while I have ma...
by SamHTexas Builder in Splunk Enterprise Security 09-03-2021
0 1
inayath_khanin1
Identity: 314 assets are currently exceeding the field limits set in the Asset and Identity Management page. Data tru...
by inayath_khanin1 Explorer in Splunk Enterprise Security 09-03-2021
0 2
dominikatvastli
Hi, I want to see my data in the ES dashboard Security Domains -> Endpoint -> Endpoint Changes. I created the following...
by dominikatvastli Path Finder in Splunk Enterprise Security 09-03-2021
0 2