Splunk Enterprise Security

Discussions

Thread Info

Error after update - Threat Intel

Hello, After updating SES to version 6.4.0, the menu Configure > Data Enrichment > Threat intelligence Management ...

by Explorer in

Need help with reconfiguring LM and DMC on rebuilt linux server

We did rebuild existing server that hosted LM and DMC. I did install latest splunk on the rebuilt server. Copied conf...

by Communicator in

Is there a way to have a duration value account for weekends

So in python coding you can use rrule to assign weekends in weeks and subtract them from your calculation. I ask bec...

by Path Finder in

How do I search for rogue Server added to my environment including info about the Hacker(s)

by Builder in

firewall use cases

hi All, Pls could you share any links or document's for firewall usecases. Thanks in advance 

by Path Finder in

no latest update for ESCU

I saw on https://docs.splunk.com/Documentation/ESSOC/3.23.0/RN/Enhancements, there is 3.23 latest version for ESCU, b...

by Engager in

Find difference in days between today and another date

Hi, I have a creation_date field that has date format 2019-06-21 10:18:00 and then i created a field for today's da...

by Path Finder in

Risk Based alerting in SPLUNK ES

I want to enable risk based alerting as a part of threat hunting.Usecase- lf a malicious file is transmitted, risk sc...

by Loves-to-Learn Lots in

How to convert hours into days

Hi, I have the following duration format that i'd like to convert into days. Initial Format Desired...

by Path Finder in

Splunk ES Notable events not getting triggered

Hello Everyone, I'm trying to use Splunk ES feature for AWS cloudtrail data. I'm using default main index for cloudtr...

by Engager in

How to combine two fields values into one

Hi, I have the following table: status count CANCELLED ...

by Path Finder in

Correlation searches scheduling to overcome downtimes and event delays

Hello, Hello, Any suggestions on how to configure the correlation search schedule in a way that will not ...

by Observer in

Threatlist scheme error - unable to initialize modular input

Hello, There is an error "unable to initialize modular input "threatlist"" and it's blocking all the Threat Intel f...

by Explorer in

Does Splunk automatically tag identities with watchlist?

We recently had Splunk PS help set up ES in our environment, but all of the managed look-ups the PS person created no...

by New Member in

Splunk Event Log is Gibberish

I'm using Splunk for Snort and I'm finding that Splunk is interpreting the Snort logs as gibberish, see below. Any id...

by New Member in

non-owner mailbox access for Microsoft Exchange

we have one audit point that non owner users like domain admin, exchange admin's are opening other's mailboxes and th...

by Communicator in

How to ignore unknown objects in Risk adaptive response?

Hi, There're some incidents hit my threat intelligence IP, e.g. dest. That's why Threat Activity notable event is t...

by Explorer in

Notable events ES

Hi Folks, I have one question, it's possible add an response action when the notable event change status? Example...

by Motivator in

Omit IP addresses from SPL

What is the best way to omit internal IPs within this SPL? There are a lot of internal source IP hits that come up wh...

by Engager in

Why does latest version of ES CU app indicates exploring Analytical Stories through ES or Sec Essentials App ?

Just downloaded the latest version of ES Content Update app and noticed the following message: ...

by Contributor in

Separate ES App "Incident Review Dashboard"

Hey Splunkers, any possibility of having 2 separate incident review dashboard - 1st for production usecase - 2n...

by Path Finder in

Not to use RAID5 on SSD when using SmartStore.

Why avoid RAID5 on SSD when using SmartStore?

by Splunk Employee in

Raw data on Enterprise Security

Hello guys! Does anyone know how I can get (raw data | raw log) from a dataset on Enterprise Security? On Splunk E...

by New Member in

Azure Implementation

We want to implement Splunk cloud , do we need to implement IDM Our data would come from the Azure Cloud and our Da...

by Observer in

How does Splunk SE impact existing infrastructure performance?

Hello, I have been searching for hours but I have yet to come across to an answer to my question: - How does Splu...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Error after update - Threat Intel

Need help with reconfiguring LM and DMC on rebuilt linux server

Is there a way to have a duration value account for weekends

How do I search for rogue Server added to my environment including info about the Hacker(s)

firewall use cases

no latest update for ESCU

Find difference in days between today and another date

Risk Based alerting in SPLUNK ES

How to convert hours into days

Splunk ES Notable events not getting triggered

How to combine two fields values into one

Correlation searches scheduling to overcome downtimes and event delays

Threatlist scheme error - unable to initialize modular input

Does Splunk automatically tag identities with watchlist?

Splunk Event Log is Gibberish

non-owner mailbox access for Microsoft Exchange

How to ignore unknown objects in Risk adaptive response?

Notable events ES

Omit IP addresses from SPL

Why does latest version of ES CU app indicates exploring Analytical Stories through ES or Sec Essentials App ?

Separate ES App "Incident Review Dashboard"

Not to use RAID5 on SSD when using SmartStore.

Raw data on Enterprise Security

Azure Implementation

How does Splunk SE impact existing infrastructure performance?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Clarification on UBA Capability in Splunk Enterpri...

Findings Comments

Sendalert risk does not populate source_guid / sou...

Asset Identity Framework subnet does not match ip-...

Palo Alto apps and add-ons for splunk

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions