Splunk Enterprise Security

Discussions

Thread Info

API AWS query question

Hi This is my API AWS query: "search index=aws userIdentity.type=Root eventName=ConsoleLogin earliest=-10d | rex...

by Explorer in

How can I verify (using splunk internal logs) that port 8089 is indeed with SSL and the TLS version used?

My question is, how can I prove that the Splunk server.conf enableSplunkdSSL is indeed working and with the sslVersio...

by Path Finder in

Incident rewiew does not show events.

Good day, I have noticed that the incident review shows no events, for about a day. The indexers were reviewed by m...

by Engager in

Splunk entreprise security status "Pending..."

Has anyone presented this problem?

by Contributor in

Asset and identity management merge prio into lookup

Hi there, The situation is as follows. We've a scheduled search running which is doing LDAP query on Active direct...

by Explorer in

Percentage of Indexes’ logs in 24 hours.

Can someone help me to identify Percentage of Indexes’ logs in 24 hours.? I have pulled using count like this :inde...

by Path Finder in

Jobs with warning message Splunk ES

This warning message indicates that even though it has errors, it is still running or is definitely not working? As...

by Contributor in

Customize Notable Status Order in Dropdown

Hi everyone, I have a request from our security team to reorder our notable event statuses in the dropdown. We h...

by Communicator in

Cookie login - Secure set to true and httponly

Hello, Do you know how I can put HttpOnly and Secure to true in cookie login? Security team request It to me. ...

by Explorer in

ES Correlation Search index configuration

Hello friends, We have Splunk ES and we stored our data in different indexes (OS logs, Network logs, ...) I have ...

by Path Finder in

SPLUNK ES Notable Event Closure

When closing a notable event in SPLUNK Enterprise Security, there are typically the following fields available Sta...

by Super Champion in

Insert a glass table into a dashboard

Enterprise Security has a nice Glass Table feature. I'm wondering if it is possible to include it within dashboard? O...

by Explorer in

Manual Notable Event

I was trying to create a manual notable event using "sendalert notable". But the name of the notable is coming as "Ma...

by Communicator in

Splunk ES on version 7.3.3: How to get consistent user lookups on both incident reviews and investigations?

The Owner selection in Incident Review filters by the account "Full name", but the Investigations filter to add users...

by Communicator in

How can I set up an email notification when an incident is assigned

How can I set up an email alert to notify someone who is assigned the incident from the incident review page?

by Explorer in

How to track on ES the timestamp whenever I changed in the investigations section the status of any investigation

I am trying to figure out how I can track the timestamp whenever I changed the status of any recently opened investig...

by Explorer in

Bundle issues with SHC

Hi all, I'm having these error messages - Streamed seach execute failed beacuse: Error in 'lookup' command: Could...

by Path Finder in

Splunk Security Essentials

Hi all, Just installed splunk security essentials app and after that did a "Start Searches" , its running for long...

by New Member in

Top alerts fires

Please I am looking for a query to search for the top alerts that fired within 2 weeks (or within a time frame). I ...

by Path Finder in

Is there an easy way to configure HTTP proxy for Analytic Story Execution (ASX) App?

Hi fellow Splunkers, I've stumbled upon a cool piece of code, namely the ASX app that allows you to load configura...

by Builder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

API AWS query question

How can I verify (using splunk internal logs) that port 8089 is indeed with SSL and the TLS version used?

Incident rewiew does not show events.

Splunk entreprise security status "Pending..."

Asset and identity management merge prio into lookup

Percentage of Indexes’ logs in 24 hours.

Jobs with warning message Splunk ES

Customize Notable Status Order in Dropdown

Cookie login - Secure set to true and httponly

ES Correlation Search index configuration

SPLUNK ES Notable Event Closure

Insert a glass table into a dashboard

Manual Notable Event

Splunk ES on version 7.3.3: How to get consistent user lookups on both incident reviews and investigations?

How can I set up an email notification when an incident is assigned

How to track on ES the timestamp whenever I changed in the investigations section the status of any investigation

Bundle issues with SHC

Splunk Security Essentials

Top alerts fires

Is there an easy way to configure HTTP proxy for Analytic Story Execution (ASX) App?

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

Why is multisearch stopping after first result?

Anyone have a search for meant time to triage for ...

How to create Splunk alert to detect unauthorized ...

Is there customization required for Salesforce int...

How do I stop Multiple Analysts from grabbing the ...