Thread Info | |||||
---|---|---|---|---|---|
When closing a notable event in SPLUNK Enterprise Security, there are typically the following fields available
Sta...
by
thambisetty
SplunkTrust
in
Splunk Enterprise Security
05-12-2020
|
1
|
4
| |||
Enterprise Security has a nice Glass Table feature. I'm wondering if it is possible to include it within dashboard? O...
by
alekwisnia
Explorer
in
Splunk Enterprise Security
09-16-2020
|
0
|
2
| |||
I was trying to create a manual notable event using "sendalert notable". But the name of the notable is coming as "Ma...
by
ansusabu
Communicator
in
Splunk Enterprise Security
09-04-2019
|
0
|
4
| |||
The Owner selection in Incident Review filters by the account "Full name", but the Investigations filter to add users...
by
malvidin
Communicator
in
Splunk Enterprise Security
09-16-2020
|
0
|
0
| |||
How can I set up an email alert to notify someone who is assigned the incident from the incident review page?
by
nareerat_pr
Explorer
in
Splunk Enterprise Security
09-16-2020
|
0
|
1
| |||
I am trying to figure out how I can track the timestamp whenever I changed the status of any recently opened investig...
by
jogonz20
Explorer
in
Splunk Enterprise Security
09-14-2020
|
0
|
2
| |||
Hi all,
I'm having these error messages -
Streamed search execute failed because: Error in 'lookup' command: Could...
by
d_lim
Path Finder
in
Splunk Enterprise Security
09-10-2020
|
0
|
1
| |||
Hi all,
Just installed splunk security essentials app and after that did a "Start Searches", it's running for long...
by
venkasplunk
New Member
in
Splunk Enterprise Security
07-10-2019
|
0
|
3
| |||
Please I am looking for a query to search for the top alerts that fired within 2 weeks (or within a time frame).
I ...
by
saotaigiri
Path Finder
in
Splunk Enterprise Security
09-10-2020
|
0
|
1
| |||
Hi fellow Splunkers,
I've stumbled upon a cool piece of code, namely the ASX app that allows you to load configura...
by
ololdach
Builder
in
Splunk Enterprise Security
09-10-2020
|
0
|
0
| |||
I need an action for an incident responder to send a selected event's data via email. I can define notable actions, b...
by
alekwisnia
Explorer
in
Splunk Enterprise Security
08-31-2020
|
0
|
1
| |||
Hi Team
I am searching to confirm the SPL to poll a KV Store check the status of the es_notable_events when a statu...
by
Splunkometry88
Explorer
in
Splunk Enterprise Security
09-09-2020
|
0
|
3
| |||
Hello, so I was looking at my metadata/local.meta and it is only the following 4 lines:
[savedsearches/mysavedsearc...
by
d_lim
Path Finder
in
Splunk Enterprise Security
09-09-2020
|
0
|
3
| |||
Hi All,
I have two indexes.
Index A | table email_users
Index B | table email, Group
email_users and email field...
by
armanih
Explorer
in
Splunk Enterprise Security
09-06-2020
|
0
|
3
| |||
I would like to integrate an app or add-on into Splunk that enables employees in the company to bring anomalies into ...
by
FranziskaHodbod
New Member
in
Splunk Enterprise Security
09-08-2020
|
0
|
1
| |||
I'm not able to search cloud-front logs from S3. There are no results. But I'm able to search ELB logs and Cloud-trail...
by
mounavignesh
New Member
in
Splunk Enterprise Security
09-07-2020
|
0
|
0
| |||
I've created a correlation search, then I want to add the send email response action with a link to this rule that sh...
by
nareerat_pr
Explorer
in
Splunk Enterprise Security
09-07-2020
|
0
|
1
| |||
Hi there, I noticed that the URL path for the MaxMind ASN Database has changed on, to another path, and the siem can ...
by
josephliion
Explorer
in
Splunk Enterprise Security
01-21-2019
|
3
|
7
| |||
Hi Team
I am looking to send an email alert once the notable event is closed, I can send an email when the notable ...
by
Splunkometry88
Explorer
in
Splunk Enterprise Security
09-02-2020
|
0
|
1
| |||
Why do we encounter this "Does not meet the recommended minimum system" only for ESSH03 even though all of the syst...
by
jadengoho
Builder
in
Splunk Enterprise Security
09-03-2020
|
0
|
3
| |||
Hi all
I have a threat feed that is available via using an API key only, I could not see any way to add the API key...
by
Splunkometry88
Explorer
in
Splunk Enterprise Security
09-01-2020
|
0
|
1
| |||
Hi everyone,
Introduction:
We have Palo Alto products, and we have also installed the appropriate add-on and apps...
by
astatrial
Contributor
in
Splunk Enterprise Security
09-02-2020
|
0
|
2
| |||
Hi All,
We notice a seemingly weird behaviour where modifying the notable severity in a correlation search brings u...
by
vik_splunk
Communicator
in
Splunk Enterprise Security
07-24-2020
|
0
|
6
| |||
Enabled 3 ESCU rules in ES and mapped them in SSE using Content Introspection on the Manage Bookmarks page.
After a...
by
Laszlo_K
Explorer
in
Splunk Enterprise Security
09-02-2020
|
0
|
0
| |||
Hi,
Can anyone provide me an approach/steps for integrating the threat intelligence framework into Splunk ES?
Also, how ...
by
abhinav_go
Engager
in
Splunk Enterprise Security
09-01-2020
|
1
|
0
|