Splunk Enterprise Security

Community Activity
stroud_bc
We utilize Microsoft Active Directory Federation Services for SSO integration with several cloud applications. We wou...
by stroud_bc Path Finder in Splunk Enterprise Security 11-19-2020
0 4
McThunderStick
*I would typically use the map command for this, but it's currently broken and support is working to fix it. That being...
by McThunderStick Engager in Splunk Enterprise Security 11-19-2020
0 2
llmillerjr
We have some users asking for Notable Events and emails depending on search results. Example... If the number of errors...
by llmillerjr Observer in Splunk Enterprise Security 11-18-2020
0 1
neermine
Hi, I'm new at Splunk and I want to know the difference between Splunk and Splunk security. I know that Splunk Enterp...
by neermine Path Finder in Splunk Enterprise Security 11-13-2020
0 3
rbal_splunk
The issue is for the “PCI Compliance Posture” dashboard the View “Compliance Status History” is not showing data.  It...
by rbal_splunk Splunk Employee in Splunk Enterprise Security 11-12-2020
0 1
rbal_splunk
VERSION=8.0.6 ES version= version = 6.1.0 Splunk_DA-ESS_PCICompliance=4.1.0 Issue is for the “PCI Compliance Posture” da...
by rbal_splunk Splunk Employee in Splunk Enterprise Security 11-12-2020
0 1
jonscheele
Hi, I signed up for the 7-day Enterprise Security Sandbox trial. According to the web site, there is supposed to be sam...
by jonscheele New Member in Splunk Enterprise Security 11-12-2020
0 2
BenzSann
I tried to enable some use cases from Splunk ESCU and then I copied SPL command and run searching to test.  It seems ...
by BenzSann Splunk Employee in Splunk Enterprise Security 11-11-2020
0 1
sheamus69
I am working on improving usage of the risk framework within our instance of Splunk ES. At present there are a number ...
by sheamus69 Communicator in Splunk Enterprise Security 11-09-2020
0 2
havatz
Hi. Need your help with API query for getting accelerated datamodels statistics (usage and size). Thanks!
by havatz Explorer in Splunk Enterprise Security 11-08-2020
0 2
woodcock
We are getting the following errors on our Enterprise Security Search Head and are wondering why and how to fix them:...
by woodcock Esteemed Legend in Splunk Enterprise Security 11-05-2020
0 7
sahiltcs
We are planning to set up threat feed integration in ES. We have installed the CrowdStrike Intel add-on and now need to set...
by sahiltcs Path Finder in Splunk Enterprise Security 11-04-2020
1 1
ttokkaris1
I need to allow the Splunk ES SH to access the Internet to allow the Splunk ES Use Cases / Content updates to be upda...
by ttokkaris1 Engager in Splunk Enterprise Security 11-02-2020
1 1
sabaKhadivi
How can I add a subnet or CIDR to the ip intel threat intelligence lookup?
by sabaKhadivi Path Finder in Splunk Enterprise Security 11-02-2020
2 1
dantimola
Good day, I have enabled FS-ISAC Threat Intelligence feed to our environment. I've confirmed that the feed was succe...
by dantimola Communicator in Splunk Enterprise Security 11-01-2020
1 5
MoeinABO
Hi, we're using Splunk Enterprise Security V5.1.0. When I search in data models list, I can't find "Endpoint" data mode...
by MoeinABO Engager in Splunk Enterprise Security 10-31-2020
1 1
Nith
Hi Everyone, I've added a txt file to SA-Eventgen sample folder and wrote the configuration in the eventgen.conf file ...
by Nith Explorer in Splunk Enterprise Security 10-31-2020
0 2
malshibani5529
Hi, I would like to log network traffic for 10 servers in my environment for a period of 60 days and analyze it later o...
by malshibani5529 Engager in Splunk Enterprise Security 10-30-2020
0 1
jcodjo3
I tried to log into Splunk Enterprise and was told by 2 web browsers, Chrome and Edge, that the security certificate had...
by jcodjo3 Explorer in Splunk Enterprise Security 10-28-2020
0 2
a_custom_user
Hi all, using the following: ${index+sourcetype-information} NOT src_ip IN ("10.*","127.*","192.168.*","172.16.0.0/12"...
by a_custom_user Loves-to-Learn Lots in Splunk Enterprise Security 10-27-2020
0 11
jogonz20
Hello fellow splunkers, I would like to ask you something regarding the function that most of the alerts take to find...
by jogonz20 Explorer in Splunk Enterprise Security 10-26-2020
1 2
gazgizmo
Hi, I went through the creation process of ES sandbox, but I haven't received any mail about the created sandbox. But ...
by gazgizmo Engager in Splunk Enterprise Security 10-26-2020
1 2
joomla
Hi Splunk Members, Good Day! I am looking for support to create a query with Windows Security Events Logs. Basically th...
by joomla Engager in Splunk Enterprise Security 10-26-2020
0 2
hugohctint
I created a Role with the following restriction: 1- origen::chile OR ( index::_audit AND user="secchi") But still can s...
by hugohctint Loves-to-Learn Lots in Splunk Enterprise Security 10-24-2020
0 5
ivansadovoy
Hey guys, I'm trying to add new threat feeds via ES Threat Intel Download. One of the feeds requires API token authen...
by ivansadovoy Engager in Splunk Enterprise Security 10-22-2020
2 0