Splunk Enterprise Security

Community Activity
kagamalai
Hi, The Fortinet Fortigate App for Splunk not working and Dashboards are empty. I have installed both the app including...
by kagamalai Explorer in Splunk Enterprise Security 07-06-2021
emkaxon
Hi guys, I have installed the TA-jira-service-desk-simple-addon on our Splunk instance and everything went well during...
by emkaxon New Member in Splunk Enterprise Security 07-03-2021
tcsalone
Hey Splunk friends, Very new customers to Splunk. Trying to find an easy way to create JIRA tickets from notable ev...
by tcsalone New Member in Splunk Enterprise Security 07-03-2021
yanisA
Hello, We need to develop a Correlation Search to implement this algorithm: If a specific custom event (here tagged as...
by yanisA Explorer in Splunk Enterprise Security 06-29-2021
munna
Hello, I have the Splunk ES app in my Splunk Enterprise, but I can't see the data in my Splunk Enterprise Security app...
by munna Explorer in Splunk Enterprise Security 06-28-2021
Aroot002
So I'm sorry if this is a rather stupid question, but I have been thrown into creating a dashboard and I've only take...
by Aroot002 Path Finder in Splunk Enterprise Security 06-28-2021
SamHTexas
Please advise on a Strategy dealing with increasing number of skipped / saved / deferred searches in Enterprise Secur...
by SamHTexas Builder in Splunk Enterprise Security 06-25-2021
Harish217
Can anyone let me know why I am getting this error? | rex field=url "(?\w+\.\w+)\/" [| inputlookup IOCs-URLs.csv...
by Harish217 New Member in Splunk Enterprise Security 06-24-2021
SamHTexas
Please help with running dedup on this search SPL for detecting skipped searches. To remove duplicates. Thank u `dmc_...
by SamHTexas Builder in Splunk Enterprise Security 06-24-2021
acadea
Hello, After updating SES to version 6.4.0, the menu Configure > Data Enrichment > Threat intelligence Management sho...
by acadea Explorer in Splunk Enterprise Security 06-24-2021
sdkp03
We did rebuild existing server that hosted LM and DMC. I did install latest Splunk on the rebuilt server. Copied conf...
by sdkp03 Communicator in Splunk Enterprise Security 06-23-2021
Funderburg78
So in Python coding you can use rrule to assign weekends in weeks and subtract them from your calculation. I ask bec...
by Funderburg78 Path Finder in Splunk Enterprise Security 06-22-2021
SamHTexas
How do I search for rogue Server added to my environment including info about the Hacker(s)
by SamHTexas Builder in Splunk Enterprise Security 06-21-2021
vikkysplunk
Hi all, please could you share any links or documents for firewall use cases. Thanks in advance
by vikkysplunk Path Finder in Splunk Enterprise Security 06-21-2021
joshuahuang1
I saw on https://docs.splunk.com/Documentation/ESSOC/3.23.0/RN/Enhancements, there is 3.23 latest version for ESCU, b...
by joshuahuang1 Engager in Splunk Enterprise Security 06-17-2021
yvassilyeva
Hi, I have a creation_date field that has date format 2019-06-21 10:18:00 and then I created a field for today's date ...
by yvassilyeva Path Finder in Splunk Enterprise Security 06-17-2021
snsaxena
I want to enable risk based alerting as a part of threat hunting. Use case: If a malicious file is transmitted, risk sc...
by snsaxena Loves-to-Learn Lots in Splunk Enterprise Security 06-15-2021
yvassilyeva
Hi, I have the following duration format that I'd like to convert into days. Initial Format Desired Forma...
by yvassilyeva Path Finder in Splunk Enterprise Security 06-14-2021
diwakar
Hello Everyone, I'm trying to use Splunk ES feature for AWS cloudtrail data. I'm using default main index for cloudtr...
by diwakar Engager in Splunk Enterprise Security 06-11-2021
yvassilyeva
Hi, I have the following table: status count CANCELLED ...
by yvassilyeva Path Finder in Splunk Enterprise Security 06-10-2021
tibi
Hello, Hello, Any suggestions on how to configure the correlation search schedule in a way that will not be affected ...
by tibi Observer in Splunk Enterprise Security 06-10-2021
acadea
Hello, There is an error "unable to initialize modular input "threatlist"" and it's blocking all the Threat Intel feat...
by acadea Explorer in Splunk Enterprise Security 06-10-2021
cmcneilw
We recently had Splunk PS help set up ES in our environment, but all of the managed look-ups the PS person created no...
by cmcneilw New Member in Splunk Enterprise Security 06-09-2021
ScottLA66
I'm using Splunk for Snort and I'm finding that Splunk is interpreting the Snort logs as gibberish, see below. Any id...
by ScottLA66 New Member in Splunk Enterprise Security 06-09-2021
rashid47010
We have one audit point that non-owner users like domain admins, exchange admins are opening others' mailboxes and th...
by rashid47010 Communicator in Splunk Enterprise Security 06-08-2021