Splunk Enterprise Security

Community Activity
Please help with running dedup on this search SPL for detecting skipped searches. To remove duplicates. Thank u `dmc_...
by SamHTexas Builder in Splunk Enterprise Security 06-24-2021
Hello, After updating SES to version 6.4.0, the menu Configure > Data Enrichment > Threat intelligence Management sho...
by acadea Explorer in Splunk Enterprise Security 06-24-2021
We did rebuild existing server that hosted LM and DMC. I did install latest splunk on the rebuilt server. Copied conf...
by sdkp03 Communicator in Splunk Enterprise Security 06-23-2021
So in python coding you can use rrule to assign weekends in weeks and subtract them from your calculation. I ask bec...
by Funderburg78 Path Finder in Splunk Enterprise Security 06-22-2021
How do I search for rogue Server added to my environment including info about the Hacker(s)
by SamHTexas Builder in Splunk Enterprise Security 06-21-2021
Hi all, Pls could you share any links or documents for firewall use cases. Thanks in advance
by vikkysplunk Path Finder in Splunk Enterprise Security 06-21-2021
I saw on https://docs.splunk.com/Documentation/ESSOC/3.23.0/RN/Enhancements, there is 3.23 latest version for ESCU, b...
by joshuahuang1 Engager in Splunk Enterprise Security 06-17-2021
Hi, I have a creation_date field that has date format 2019-06-21 10:18:00 and then I created a field for today's date ...
by yvassilyeva Path Finder in Splunk Enterprise Security 06-17-2021
I want to enable risk based alerting as a part of threat hunting. Use case: if a malicious file is transmitted, risk sc...
by snsaxena Loves-to-Learn Lots in Splunk Enterprise Security 06-15-2021
Hi, I have the following duration format that I'd like to convert into days. Initial Format    Desired Forma...
by yvassilyeva Path Finder in Splunk Enterprise Security 06-14-2021
Hello Everyone, I'm trying to use Splunk ES feature for AWS cloudtrail data. I'm using default main index for cloudtr...
by diwakar Engager in Splunk Enterprise Security 06-11-2021
Hi, I have the following table: status    count    CANCELLED    ...
by yvassilyeva Path Finder in Splunk Enterprise Security 06-10-2021
Hello, Any suggestions on how to configure the correlation search schedule in a way that will not be affected ...
by tibi Observer in Splunk Enterprise Security 06-10-2021
Hello, There is an error "unable to initialize modular input "threatlist"" and it's blocking all the Threat Intel feat...
by acadea Explorer in Splunk Enterprise Security 06-10-2021
We recently had Splunk PS help set up ES in our environment, but all of the managed look-ups the PS person created no...
by cmcneilw New Member in Splunk Enterprise Security 06-09-2021
I'm using Splunk for Snort and I'm finding that Splunk is interpreting the Snort logs as gibberish, see below. Any id...
by ScottLA66 New Member in Splunk Enterprise Security 06-09-2021
We have one audit point that non-owner users like domain admins, Exchange admins are opening other's mailboxes and th...
by rashid47010 Communicator in Splunk Enterprise Security 06-08-2021
Hi, There're some incidents that hit my threat intelligence IP, e.g. dest. That's why Threat Activity notable event is trig...
by phil_wong Explorer in Splunk Enterprise Security 06-07-2021
Hi Folks, I have one question, is it possible to add a response action when the notable event changes status? Example: I hav...
by aasabatini Motivator in Splunk Enterprise Security 06-07-2021
What is the best way to omit internal IPs within this SPL? There are a lot of internal source IP hits that come up wh...
by tkbrown Engager in Splunk Enterprise Security 06-07-2021
Just downloaded the latest version of ES Content Update app and noticed the following message: Explore the Analytic St...
by dm1 Contributor in Splunk Enterprise Security 06-02-2021
Hey Splunkers, any possibility of having 2 separate incident review dashboards: 1st for production use case, 2nd for Dev...
by General_Talos Path Finder in Splunk Enterprise Security 05-20-2021
Why avoid RAID5 on SSD when using SmartStore?
by rbal_splunk Splunk Employee in Splunk Enterprise Security 05-20-2021
Hello guys! Does anyone know how I can get (raw data | raw log) from a dataset on Enterprise Security? On Splunk Ente...
by stealth_eth0 New Member in Splunk Enterprise Security 05-19-2021
We want to implement Splunk Cloud, do we need to implement IDM? Our data would come from the Azure Cloud and our Data ...
by hermontwd Observer in Splunk Enterprise Security 05-19-2021