Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
snsaxena
I want to enable risk based alerting as a part of threat hunting.Usecase- lf a malicious file is transmitted, risk sc...
by snsaxena Loves-to-Learn Lots in Splunk Enterprise Security 06-15-2021
0 1
0
1
yvassilyeva
Hi, I have the following duration format that i'd like to convert into days. Initial Format             Desired Forma...
by yvassilyeva Path Finder in Splunk Enterprise Security 06-14-2021
0 2
0
2
diwakar
Hello Everyone, I'm trying to use Splunk ES feature for AWS cloudtrail data. I'm using default main index for cloudtr...
by diwakar Engager in Splunk Enterprise Security 06-11-2021
0 2
0
2
yvassilyeva
Hi,I have the following table:status                                          countCANCELLED                         ...
by yvassilyeva Path Finder in Splunk Enterprise Security 06-10-2021
0 4
0
4
tibi
Hello, Hello, Any suggestions on how to configure the correlation search schedule in a way that will not be affected ...
by tibi Observer in Splunk Enterprise Security 06-10-2021
0 2
0
2
acadea
Hello,There is an error "unable to initialize modular input "threatlist"" and it's blocking all the Threat Intel feat...
by acadea Explorer in Splunk Enterprise Security 06-10-2021
0 1
0
1
cmcneilw
We recently had Splunk PS help set up ES in our environment, but all of the managed look-ups the PS person created no...
by cmcneilw New Member in Splunk Enterprise Security 06-09-2021
0 0
0
0
ScottLA66
I'm using Splunk for Snort and I'm finding that Splunk is interpreting the Snort logs as gibberish, see below. Any id...
by ScottLA66 New Member in Splunk Enterprise Security 06-09-2021
0 0
0
0
rashid47010
we have one audit point that non owner users like domain admin, exchange admin's are opening other's mailboxes and th...
by rashid47010 Communicator in Splunk Enterprise Security 06-08-2021
0 4
0
4
phil_wong
Hi,There're some incidents hit my threat intelligence IP, e.g. dest. That's why Threat Activity notable event is trig...
by phil_wong Explorer in Splunk Enterprise Security 06-07-2021
0 2
0
2
aasabatini
Hi Folks,I have one question, it's possible add an response action when the notable event change status?Example:I hav...
by aasabatini Motivator in Splunk Enterprise Security 06-07-2021
0 0
0
0
tkbrown
What is the best way to omit internal IPs within this SPL? There are a lot of internal source IP hits that come up wh...
by tkbrown Engager in Splunk Enterprise Security 06-07-2021
0 1
0
1
dm1
Just downloaded the latest version of ES Content Update app and noticed the following message:Explore the Analytic St...
by dm1 Contributor in Splunk Enterprise Security 06-02-2021
0 1
0
1
General_Talos
Hey Splunkers,any possibility of having 2 separate incident review dashboard- 1st for production usecase- 2nd for Dev...
by General_Talos Path Finder in Splunk Enterprise Security 05-20-2021
0 0
0
0
rbal_splunk
Why avoid RAID5 on SSD when using SmartStore?
by rbal_splunk Splunk Employee Splunk Employee in Splunk Enterprise Security 05-20-2021
0 1
0
1
stealth_eth0
Hello guys! Does anyone know  how I can get (raw data | raw log) from a dataset on Enterprise Security?On Splunk Ente...
by stealth_eth0 New Member in Splunk Enterprise Security 05-19-2021
0 3
0
3
hermontwd
We want to implement Splunk cloud , do we need to implement IDMOur data would come from the Azure Cloud and our Data ...
by hermontwd Observer in Splunk Enterprise Security 05-19-2021
0 0
0
0
ITAdminBart
Hello,I have been searching for hours but I have yet to come across to an answer to my question:- How does Splunk SE ...
by ITAdminBart Engager in Splunk Enterprise Security 05-19-2021
0 1
0
1
ejwade
I'm not seeing the Network Resolution/DNS datamodel/dataset populated from the Splunk Add-on for Microsoft Windows DN...
by ejwade Contributor in Splunk Enterprise Security 05-14-2021
1 2
1
2
sherpedz
Sorry to ask this question if it has been talked about before - I have a Splunk ES installation that we use the "Inci...
by sherpedz Loves-to-Learn Lots in Splunk Enterprise Security 05-13-2021
0 0
0
0
mjones414
Hello,I am wanting to write an app for Splunk ES that can leverage the ability to integrate the investigation toolbar...
by mjones414 Contributor in Splunk Enterprise Security 05-11-2021
0 0
0
0
SamHTexas
How do I backup the Splunk Enterprise Security app. What components needs to be backed up and how often? I have alrea...
by SamHTexas Builder in Splunk Enterprise Security 05-11-2021
0 1
0
1
obais9346
I am a Advanced beginner to splunk and i want to create custom app/addon in my search head cluster environment and pu...
by obais9346 Engager in Splunk Enterprise Security 05-07-2021
0 3
0
3
dwibedi03
I am working on configuring the TAXXI Feeds. My Post argument is as below:collection="curated-ragw" earliest="-7d" ke...
by dwibedi03 Explorer in Splunk Enterprise Security 05-06-2021
0 0
0
0
DEAD_BEEF
Is there a lookup I can use to create a custom table of active investigations? I am trying to create a table that sh...
by DEAD_BEEF Builder in Splunk Enterprise Security 05-05-2021
2 8
2
8
Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...