Splunk Enterprise Security

Community Activity
ScottLA66
I'm using Splunk for Snort and I'm finding that Splunk is interpreting the Snort logs as gibberish, see below. Any id...
by ScottLA66 New Member in Splunk Enterprise Security 06-09-2021
rashid47010
We have one audit point that non-owner users like domain admins and Exchange admins are opening others' mailboxes and th...
by rashid47010 Communicator in Splunk Enterprise Security 06-08-2021
phil_wong
Hi, there are some incidents that hit my threat intelligence IP, e.g. dest. That's why the Threat Activity notable event is trig...
by phil_wong Explorer in Splunk Enterprise Security 06-07-2021
aasabatini
Hi folks, I have one question: is it possible to add a response action when the notable event changes status? Example: I hav...
by aasabatini Motivator in Splunk Enterprise Security 06-07-2021
tkbrown
What is the best way to omit internal IPs within this SPL? There are a lot of internal source IP hits that come up wh...
by tkbrown Engager in Splunk Enterprise Security 06-07-2021
dm1
Just downloaded the latest version of the ES Content Update app and noticed the following message: Explore the Analytic St...
by dm1 Contributor in Splunk Enterprise Security 06-02-2021
General_Talos
Hey Splunkers, any possibility of having 2 separate Incident Review dashboards: 1st for production use cases, 2nd for Dev...
by General_Talos Path Finder in Splunk Enterprise Security 05-20-2021
rbal_splunk
Why avoid RAID5 on SSD when using SmartStore?
by rbal_splunk Splunk Employee in Splunk Enterprise Security 05-20-2021
stealth_eth0
Hello guys! Does anyone know how I can get (raw data | raw log) from a dataset on Enterprise Security? On Splunk Ente...
by stealth_eth0 New Member in Splunk Enterprise Security 05-19-2021
hermontwd
We want to implement Splunk Cloud; do we need to implement IDM? Our data would come from the Azure Cloud and our Data ...
by hermontwd Observer in Splunk Enterprise Security 05-19-2021
ITAdminBart
Hello, I have been searching for hours but I have yet to come across an answer to my question: How does Splunk SE ...
by ITAdminBart Engager in Splunk Enterprise Security 05-19-2021
ejwade
I'm not seeing the Network Resolution/DNS datamodel/dataset populated from the Splunk Add-on for Microsoft Windows DN...
by ejwade Contributor in Splunk Enterprise Security 05-14-2021
sherpedz
Sorry to ask this question if it has been talked about before - I have a Splunk ES installation that we use the "Inci...
by sherpedz Loves-to-Learn Lots in Splunk Enterprise Security 05-13-2021
mjones414
Hello, I want to write an app for Splunk ES that can leverage the ability to integrate the investigation toolbar...
by mjones414 Contributor in Splunk Enterprise Security 05-11-2021
SamHTexas
How do I back up the Splunk Enterprise Security app? What components need to be backed up and how often? I have alrea...
by SamHTexas Builder in Splunk Enterprise Security 05-11-2021
obais9346
I am an advanced beginner to Splunk and I want to create a custom app/add-on in my search head cluster environment and pu...
by obais9346 Engager in Splunk Enterprise Security 05-07-2021
dwibedi03
I am working on configuring the TAXII feeds. My POST argument is as below: collection="curated-ragw" earliest="-7d" ke...
by dwibedi03 Explorer in Splunk Enterprise Security 05-06-2021
DEAD_BEEF
Is there a lookup I can use to create a custom table of active investigations? I am trying to create a table that sh...
by DEAD_BEEF Builder in Splunk Enterprise Security 05-05-2021
will2021
I am currently cleaning up the backlog of open Investigations and would like to close all investigations opened befor...
by will2021 Engager in Splunk Enterprise Security 05-05-2021
_joe
I am having issues ingesting PCAP files from the GUI. I found similar Answers and bug "STREAM-4235" but it appears to ...
by _joe Contributor in Splunk Enterprise Security 05-05-2021
bipin82
Hello: Can anyone help me in finding the Incident Review logs? Will they be on the indexer or the search heads? ...
by bipin82 New Member in Splunk Enterprise Security 05-04-2021
michael_bates_1
Since performing a recent upgrade, Splunk is constantly reporting (in Health Status) that the Searches Delayed is abo...
by michael_bates_1 Path Finder in Splunk Enterprise Security 05-04-2021
fedrooo
Hi Splunkers, we are trying to integrate our CTI portal with our Splunk ES instance via an intelligence feed; the situation ...
by fedrooo Engager in Splunk Enterprise Security 05-03-2021
vamshikn72
How do I assign multiple risk object fields and object types in the Risk Analysis response action? I know it's possible fro...
by vamshikn72 Explorer in Splunk Enterprise Security 05-03-2021
vikkysplunk
Hi all, using the SPL below I have created a new use case for multiple emails sent from an external domain. For exampl...
by vikkysplunk Path Finder in Splunk Enterprise Security 05-02-2021