Splunk Enterprise Security

Discussions

Thread Info

Monitor network traffic

HI I would like to log network traffic for 10 servers in my environment for period of 60 day's and analyze it late...

by Engager in

Is this IP safe //127.0.0.1:8000/en-US/account/login?return_to=%2Fen-US%2F

I tried to log into slunk enterprise and was told by 2 web browsers chrome and edge that the security certificate had...

by Explorer in

port scan across multiple "_time" spans

Hi all, using the following: ${index+sourcetype-information} NOT src_ip IN ("10.*","127.*","192.168.*","172.16.0.0/...

by Loves-to-Learn Lots in

Clarification on search query to detect outliers

Hello fellow splunkers, I would like to ask you something regarding the function that most of the al...

by Explorer in

ES Sandbox is not available

Hi, I went through the creation process of ES sandbox, but I haven't received any mail about the created sandbox. B...

by Engager in

Want help in creating Splunk Query with specific conditions?

Hi Splunk Members, Good Day! I am looking for support to create a query with Windows Security Events Logs. Basica...

by Engager in

Restrictions filter - Role restrict search

I created a Role with the following restriction: 1- origen::chile OR ( index::_audit AND user="secchi") But still...

by Loves-to-Learn Lots in

Using Authentication for Enterprise Security Threat Intelligence Feeds

Hey guys, I'm trying to add new threat feeds via ES Threat Intel Download. One of the feeds requires API token aut...

by Engager in

What are the CIM fields created by the Windows TA?

Hi, I´m looking for a list of all CIM fileds that are created by the Windows TA... I can´t find any doku... T...

by Path Finder in

Possible for one Splunk ES for different Splunk Enterprise?

Hi, Currently, my company has 2 sites (let's say Site A and Site B), and each of them have their own Splunk Enterpr...

by New Member in

STIX TAXII Data Not Showing On Some Days

The FS-ISAC Threat Intelligence STIX TAXII has been enabled in our environment. We received all IOCs from 4/2 but did...

by New Member in

How to apply Throttling based on a condition for a notable event generation?

Requirement 1 :Eg : I have a correlation search which generates , 2000 events with in 24 hours with the same Title "I...

by Path Finder in

Azure query

Hello I have this query: "| tstats `summariesonly` values(Authentication.app) as app,count from datamodel...

by Explorer in

Splunk Enterprise Security: How to add fields to notable event after invoking adaptive response action?

Hi, I am wondering if it is possible to have my adaptive response actions append fields to the notable which trigg...

by Explorer in

How can we monitor if a user clicked on a phishing link or button in an email?

Hi everybody, We have a stream forwarder which sends every mail that enters in an index. It contains everything fro...

by Communicator in

list of events alerted last month

With this query I can see the notable events that are currently active. But not everyone has been alerted even if t...

by Builder in

Splunk Enterprise Security installation error

I have created web.conf file with [settings] max_upload_size = 1024. But im getting error that says [The entity sent ...

by Observer in

JSON to CIM mapping

Hi All, We have a scripted input, which indexes JSON data into Splunk and using SPATH we have writing our correlat...

by Explorer in

Splunk Web scripts and Splunk enterprise Scripts

Can someone help me understand the difference between Splunk Web and Splunk enterprise? and the Python scripts that i...

by Observer in

how to get syslog data from prisma-cloud to splunk??

in My cloud different tools are there like jira,servicenow and there i can send alert notification to that tools ...

by Explorer in

Help with a query

Hi All I have this query index=checkpoint sourcetype=opsec:anti_virus OR sourcetype=opsec:anti_malware Prote...

by Explorer in

Change Time Format of ldapsearch attribute AccountExpired

Hi all, I have been trying to make a search where i can monitor the expired user accounts. So far i have this ...

by Communicator in

addon page not found

after installing nagios addon on splunk web showing page not found is there anyone who can help on this???

by Path Finder in

Problem with a query

Hi Need you help please with a query; "| tstats summariesonly=true allow_old_summaries=true dc(Malware_Attack...

by Explorer in

How to avoid mixng values of assets by 'entitymerge' command in ES

Hi Splunkers , any advice how to avoid mixng values in assets by entitymerge command? I have 5 fileds marked as Mu...

by Contributor in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Monitor network traffic

Is this IP safe //127.0.0.1:8000/en-US/account/login?return_to=%2Fen-US%2F

port scan across multiple "_time" spans

Clarification on search query to detect outliers

ES Sandbox is not available

Want help in creating Splunk Query with specific conditions?

Restrictions filter - Role restrict search

Using Authentication for Enterprise Security Threat Intelligence Feeds

What are the CIM fields created by the Windows TA?

Possible for one Splunk ES for different Splunk Enterprise?

STIX TAXII Data Not Showing On Some Days

How to apply Throttling based on a condition for a notable event generation?

Azure query

Splunk Enterprise Security: How to add fields to notable event after invoking adaptive response action?

How can we monitor if a user clicked on a phishing link or button in an email?

list of events alerted last month

Splunk Enterprise Security installation error

JSON to CIM mapping

Splunk Web scripts and Splunk enterprise Scripts

how to get syslog data from prisma-cloud to splunk??

Help with a query

Change Time Format of ldapsearch attribute AccountExpired

addon page not found

Problem with a query

How to avoid mixng values of assets by 'entitymerge' command in ES

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Clarification on UBA Capability in Splunk Enterpri...

Findings Comments

Sendalert risk does not populate source_guid / sou...

Asset Identity Framework subnet does not match ip-...

Palo Alto apps and add-ons for splunk

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions