Splunk Enterprise Security

Community Activity
kanam
Now I enable correlation search, which is set "Notable" and "Run Phantom Playbook" as adaptive action. Then when logs ...
by kanam Loves-to-Learn Everything in Splunk Enterprise Security 02-25-2021
0 6
sfirodia
Hi All, I have a correlation search created where an alert unique ID is generated. That alert id is then used in Episod...
by sfirodia New Member in Splunk Enterprise Security 02-25-2021
0 0
splunkcol
Hi, has anyone worked with Assets and identity from Splunk Enterprise Security? I already have the App "Splunk Support...
by splunkcol Builder in Splunk Enterprise Security 02-25-2021
0 4
avivn
Hi, In the threat intel module when adding a new threat feed source, the feed contains also sha-256 and MD5 but I can map o...
by avivn Explorer in Splunk Enterprise Security 02-23-2021
0 1
ibabansk
Greetings, as far as we know the SA-AccessProtection app is invisible and all Email search results display a 404 Page...
by ibabansk Loves-to-Learn in Splunk Enterprise Security 02-22-2021
0 0
jbender72
Hello, I must be really tired. Cannot find the Add New Response Action, which is part of setting up my new ES. Can a...
by jbender72 Path Finder in Splunk Enterprise Security 02-19-2021
0 1
Pcktech
Issue: When configured to use Azure SAML on our Enterprise Security search head (no Authentication Extension yet specif...
by Pcktech Explorer in Splunk Enterprise Security 02-18-2021
0 1
cachexploit
I want to show how many ES Notables were opened in the last 30 days and how many investigations were opened on a line...
by cachexploit Explorer in Splunk Enterprise Security 02-18-2021
0 2
astatrial
Hi All, I need to build a rule that alerts for specific activity by a specific user past working hours. For example: I wan...
by astatrial Contributor in Splunk Enterprise Security 02-18-2021
0 3
b_chris21
Hello, I have an issue with the Endpoint Datamodel while using Enterprise Security. Specifically I am running: |rest splun...
by b_chris21 Communicator in Splunk Enterprise Security 02-17-2021
0 1
stroud_bc
I need to manipulate some fields in the URL threat match search in Splunk ES 6.4, but am at a loss as to how to do s...
by stroud_bc Path Finder in Splunk Enterprise Security 02-16-2021
0 1
mjemi
How do I create a script to stop receiving data from a UDP port during specific hours, for example between 12h and 15h?
by mjemi Loves-to-Learn Everything in Splunk Enterprise Security 02-12-2021
0 4
rendie
Hi everyone, Can I read the value of a field from each previous result using a search? Something similar to: | streams...
by rendie Path Finder in Splunk Enterprise Security 02-11-2021
0 4
mcohen13
Is there a way to take an existing index and create from it a new index with an aggregating search? Meaning taking existing ind...
by mcohen13 Loves-to-Learn in Splunk Enterprise Security 02-10-2021
0 3
SamHTexas
What Windows & Linux and other logs need to be sent to Splunk to pass a GSA gov. audit?
by SamHTexas Builder in Splunk Enterprise Security 02-05-2021
0 0
test_qweqwe
I found this search in ES Content Updates | tstats `summariesonly` count min(_time) as firstTime max(_time) as lastT...
by test_qweqwe Builder in Splunk Enterprise Security 02-05-2021
0 2
Arun
Can anyone help me in understanding why the notable events are not getting populated on Splunk Enterprise Security. Iv...
by Arun Observer in Splunk Enterprise Security 02-04-2021
0 2
saeed
Hi, I have one index for Palo Alto and there are other Palo Alto already integrated and indexed to this index. I want t...
by saeed Explorer in Splunk Enterprise Security 02-02-2021
0 1
damode
Looking to find what ES usecases are there that use Certificate and/or Alert datamodels
by damode Motivator in Splunk Enterprise Security 02-01-2021
0 3
marand
The datamodel for Threat Intelligence is missing the weight field. This breaks the built in Threat Activity Detected...
by marand Explorer in Splunk Enterprise Security 02-01-2021
0 1
d3ll0211
I am having difficulty combining two individual searches. I have the following ldap search that lists the member nam...
by d3ll0211 Loves-to-Learn in Splunk Enterprise Security 01-31-2021
0 0
courtneyj
Hello, For your awareness my architecture consists of 1 SH, 1 Enterprise Security SH, cluster of 3 indexes, deployment ...
by courtneyj Engager in Splunk Enterprise Security 01-28-2021
0 3
lesterw
Specifically, what data sources does Splunk for Enterprise Security REQUIRE? What data sources are OPTIONAL? Is t...
by lesterw Explorer in Splunk Enterprise Security 01-28-2021
2 5
damode
The documentation for Application Protocol list in ES states "The Application Protocols list is a list of port and pr...
by damode Motivator in Splunk Enterprise Security 01-28-2021
0 1