Splunk Enterprise Security

Community Activity
damode
Splunk doc says, Expected Views list specifies Splunk Enterprise Security views that are monitored on a regular basis...
by damode Motivator in Splunk Enterprise Security 01-28-2021
0 1
maurizioCagliot
Hi, when trying to remove the automatic data model acceleration enforcement from Data Inputs --> Data Model Accelerat...
by maurizioCagliot Engager in Splunk Enterprise Security 01-27-2021
3 3
lukasmecir
Hello, I'm trying to find out if Enterprise Security is officially supported in containerized environment (particular...
by lukasmecir Path Finder in Splunk Enterprise Security 01-21-2021
0 0
new2spl_unk
Hi All, Recently, I installed MISP42Splunk in my environment in order to integrate MISP with Splunk. Below is the wor...
by new2spl_unk Explorer in Splunk Enterprise Security 01-20-2021
0 3
gl_splunkuser
Hello everyone. Currently I have a cluster architecture of Splunk Enterprise 8.0.7. SH cluster + Indexer Cluster + Ma...
by gl_splunkuser Path Finder in Splunk Enterprise Security 01-19-2021
0 4
rendie
Hi, I have batch index with next configuration: [batch://path/to/files] move_policy = sinkhole index = maindata And if in...
by rendie Path Finder in Splunk Enterprise Security 01-19-2021
0 1
gurulee
We want XML based logs over Non-XML logs, but we are seeing both for some reason. Moreover, if we look at the log mes...
by gurulee Explorer in Splunk Enterprise Security 01-19-2021
0 7
rendie
Hello, I have data with fields kind of "Field Id", "Second Id". And I wanna merge these two fields into one, but when ...
by rendie Path Finder in Splunk Enterprise Security 01-19-2021
0 5
vtalanki
Hi, We are exposing our search heads' management port for API access to Splunk and enabled mTLS. When our users are hi...
by vtalanki Path Finder in Splunk Enterprise Security 01-16-2021
0 0
mahdis_jooon
Hi, I saw that you had this issue years ago: I've installed Splunk Security Essentials App and Splunk TA for Windows. H...
by mahdis_jooon New Member in Splunk Enterprise Security 01-14-2021
0 0
edwardrose
I have a couple of questions about migrating the ES standalone search head to a clustered search head.  I have tested...
by edwardrose Contributor in Splunk Enterprise Security 01-13-2021
2 4
mikko_s
We've set up some Intelligence Downloads. These are downloading files from repository, on which they are upkept conce...
by mikko_s Engager in Splunk Enterprise Security 01-13-2021
1 0
damode
Some context here - When I go to ESCU app and filter down the analytical stories based on CIS control 4, it shows me ...
by damode Motivator in Splunk Enterprise Security 01-12-2021
0 0
gdigrego
Hello, We are refining our Splunk hybrid (cloud + on-premise) architecture design and are looking for ideas and expe...
by gdigrego Path Finder in Splunk Enterprise Security 01-12-2021
0 3
woosh
An alert was deleted...it no longer shows up under Content Management, but it still shows up under the Incident Revie...
by woosh New Member in Splunk Enterprise Security 01-11-2021
0 3
cachexploit
Since I have gone through and tuned a lot of the Content in ES, I am looking to see if anyone knows of a Bulk way to ...
by cachexploit Explorer in Splunk Enterprise Security 01-11-2021
0 0
att35
Hi, We are using Splunk Stream to get DNS logs into Splunk and it maps seamlessly with the Network Resolution Data mod...
by att35 Builder in Splunk Enterprise Security 01-07-2021
0 0
splunkcol
I'm reviewing the logs to make sure the fields match the Splunk Enterprise Security CIM and datamodels. The query show...
by splunkcol Builder in Splunk Enterprise Security 01-07-2021
0 2
sacumen
How to fetch configured correlation data, Query notable events, including associated correlation rules for an app?
by sacumen Explorer in Splunk Enterprise Security 01-07-2021
0 5
yashaswinig2210
Hi All, @renjith_nair I'm working on a requirement to create a Splunk Alert which triggers/Creates the Incident in Se...
by yashaswinig2210 Engager in Splunk Enterprise Security 01-07-2021
0 1
damode
After accelerating the CIM Validation (S.o.S.) DM and upon checking the pivot for any of the datasets results in an e...
by damode Motivator in Splunk Enterprise Security 01-07-2021
0 3
jgorman_THG
Hi! I'm following the following directions to try and set up assets and identities for Splunk Enterprise Security on...
by jgorman_THG Explorer in Splunk Enterprise Security 01-05-2021
0 2
damode
Can anyone please share some best practise or your own preferred method for populating the watchlist field in the ass...
by damode Motivator in Splunk Enterprise Security 01-04-2021
0 0
mpwhite
I registered for the free splunk fundamentals one course. I was unable to complete it before it expired. How do I re-...
by mpwhite New Member in Splunk Enterprise Security 01-04-2021
0 2
splunkcol
I have an index called firewall and sourcetypes of Palo Alto, Checkpoint and Fortinet routers. The configuration was ca...
by splunkcol Builder in Splunk Enterprise Security 12-28-2020
0 5