Splunk Enterprise Security
Community Activity

damode
Looking to find what ES usecases are there that use Certificate and/or Alert datamodels
by damode Motivator in Splunk Enterprise Security 02-01-2021
0 3

marand
The datamodel for Threat Intelligence is missing the weight field. This breaks the built in Threat Activity Detected...
by marand Explorer in Splunk Enterprise Security 02-01-2021
0 1

d3ll0211
I am having difficulty combining two individual searches. I have the following ldap search that lists the member nam...
by d3ll0211 Loves-to-Learn in Splunk Enterprise Security 01-31-2021
0 0

courtneyj
Hello, For your awareness my architecture consists of 1 SH, 1 Enterprise Security SH, Cluster of 3 indexes, deployment ...
by courtneyj Engager in Splunk Enterprise Security 01-28-2021
0 3

lesterw
Specifically, what data sources does the Splunk for Enterprise Security REQUIRE? What data sources are OPTIONAL? Is t...
by lesterw Explorer in Splunk Enterprise Security 01-28-2021
2 5

damode
The documentation for Application Protocol list in ES states "The Application Protocols list is a list of port and pr...
by damode Motivator in Splunk Enterprise Security 01-28-2021
0 1

damode
Splunk doc says, Expected Views list specifies Splunk Enterprise Security views that are monitored on a regular basis...
by damode Motivator in Splunk Enterprise Security 01-28-2021
0 1

maurizioCagliot
Hi, when trying to remove the automatic data model acceleration enforcement from Data Inputs --> Data Model Accelerat...
by maurizioCagliot Engager in Splunk Enterprise Security 01-27-2021
3 3

lukasmecir
Hello, I'm trying to find out if Enterprise Security is officially supported in containerized environment (particular...
by lukasmecir Path Finder in Splunk Enterprise Security 01-21-2021
0 0

new2spl_unk
Hi All, Recently, I installed MISP42Splunk in my environment in order to integrate MISP with Splunk. Below is the wor...
by new2spl_unk Explorer in Splunk Enterprise Security 01-20-2021
0 3

gl_splunkuser
Hello everyone. Currently I have a cluster architecture of Splunk Enterprise 8.0.7. SH cluster + Indexer Cluster + Ma...
by gl_splunkuser Path Finder in Splunk Enterprise Security 01-19-2021
0 4

rendie
Hi, I have batch index with next configuration: [batch://path/to/files] move_policy = sinkholeindex = maindata And if in...
by rendie Path Finder in Splunk Enterprise Security 01-19-2021
0 1

gurulee
We want XML based logs over Non-XML logs, but we are seeing both for some reason. Moreover, if we look at the log mes...
by gurulee Explorer in Splunk Enterprise Security 01-19-2021
0 7

rendie
Hello, I have data with fields kind of "Field Id", "Second Id". And I wanna merge these two fields into one, but when ...
by rendie Path Finder in Splunk Enterprise Security 01-19-2021
0 5

vtalanki
Hi, We are exposing our search heads' management port for API access to splunk and enabled mTLS. When our users are hi...
by vtalanki Path Finder in Splunk Enterprise Security 01-16-2021
0 0

mahdis_jooon
Hi, I saw that you had this issue years ago: I've installed Splunk Security Essentials App and Splunk TA for Windows. H...
by mahdis_jooon New Member in Splunk Enterprise Security 01-14-2021
0 0

edwardrose
I have a couple of questions about migrating the ES standalone search head to a clustered search head. I have tested...
by edwardrose Contributor in Splunk Enterprise Security 01-13-2021
2 4

mikko_s
We've set up some Intelligence Downloads. These are downloading files from repository, on which they are upkept conce...
by mikko_s Engager in Splunk Enterprise Security 01-13-2021
1 0

damode
Some context here - When I go to ESCU app and filter down the analytical stories based on CIS control 4, it shows me ...
by damode Motivator in Splunk Enterprise Security 01-12-2021
0 0

gdigrego
Hello, We are refining our Splunk hybrid (cloud + on-premise) architecture design and are looking for ideas and expe...
by gdigrego Path Finder in Splunk Enterprise Security 01-12-2021
0 3

woosh
An alert was deleted... it no longer shows up under Content Management, but it still shows up under the Incident Revie...
by woosh Engager in Splunk Enterprise Security 01-11-2021
0 3

cachexploit
Since I have gone through and tuned a lot of the Content in ES, I am looking to see if anyone knows of a Bulk way to ...
by cachexploit Explorer in Splunk Enterprise Security 01-11-2021
0 0

att35
Hi, We are using Splunk Stream to get DNS logs into Splunk and it maps seamlessly with the Network Resolution Data mod...
by att35 Builder in Splunk Enterprise Security 01-07-2021
0 0

splunkcol
I'm reviewing the logs to make sure the fields match the Splunk Enterprise Security CIM and datamodels. The query show...
by splunkcol Builder in Splunk Enterprise Security 01-07-2021
0 2

sacumen
How to fetch configured correlation data, Query notable events, including associated correlation rules for an app?
by sacumen Explorer in Splunk Enterprise Security 01-07-2021
0 5