Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Splunk entreprise security status "Pending..."

Has anyone presented this problem?

by Builder in

Asset and identity management merge prio into lookup

Hi there, The situation is as follows. We've a scheduled search running which is doing LDAP query on Active direct...

by Explorer in

Percentage of Indexes’ logs in 24 hours.

Can someone help me to identify Percentage of Indexes’ logs in 24 hours.? I have pulled using count like this :inde...

by Path Finder in

Jobs with warning message Splunk ES

This warning message indicates that even though it has errors, it is still running or is definitely not working? As...

by Builder in

Customize Notable Status Order in Dropdown

Hi everyone, I have a request from our security team to reorder our notable event statuses in the dropdown. We h...

by Communicator in

Cookie login - Secure set to true and httponly

Hello, Do you know how I can put HttpOnly and Secure to true in cookie login? Security team request It to me. ...

by Explorer in

ES Correlation Search index configuration

Hello friends, We have Splunk ES and we stored our data in different indexes (OS logs, Network logs, ...) I have ...

by Path Finder in

SPLUNK ES Notable Event Closure

When closing a notable event in SPLUNK Enterprise Security, there are typically the following fields available Sta...

by SplunkTrust in

Insert a glass table into a dashboard

Enterprise Security has a nice Glass Table feature. I'm wondering if it is possible to include it within dashboard? O...

by Explorer in

Manual Notable Event

I was trying to create a manual notable event using "sendalert notable". But the name of the notable is coming as "Ma...

by Communicator in

Splunk ES on version 7.3.3: How to get consistent user lookups on both incident reviews and investigations?

The Owner selection in Incident Review filters by the account "Full name", but the Investigations filter to add users...

by Communicator in

How can I set up an email notification when an incident is assigned

How can I set up an email alert to notify someone who is assigned the incident from the incident review page?

by Explorer in

How to track on ES the timestamp whenever I changed in the investigations section the status of any investigation

I am trying to figure out how I can track the timestamp whenever I changed the status of any recently opened investig...

by Explorer in

Bundle issues with SHC

Hi all, I'm having these error messages - Streamed seach execute failed beacuse: Error in 'lookup' command: Could...

by Path Finder in

Splunk Security Essentials

Hi all, Just installed splunk security essentials app and after that did a "Start Searches" , its running for long...

by New Member in

Top alerts fires

Please I am looking for a query to search for the top alerts that fired within 2 weeks (or within a time frame). I ...

by Path Finder in

Is there an easy way to configure HTTP proxy for Analytic Story Execution (ASX) App?

Hi fellow Splunkers, I've stumbled upon a cool piece of code, namely the ASX app that allows you to load configura...

by Builder in

Trigger an action manually

I need an action for an incident responder to send a selected event's data via email. I can define notable actions, b...

by Explorer in

KV Store Lookup to Email with timestamp search

Hi Team I am searching to confirm the SPL to poll a KV Store check the status of the es_notable_events when a statu...

by Explorer in

metadata/local.meta question

Hello, so I was looking at my metadata/local.meta and it is only the following 4 lines: [savedsearches/mysavedsearc...

by Path Finder in

Splunk search on two different indexes and retrieve a matching value from one index

Hi All, I have two indexes. Index A | table email_usersIndex B | table email, Group email_users and email field...

by Explorer in

How to implement an App or Add-on that enables Splunk employees to report security incidents?

I would like to integrate an app or add-on into Splunk that enables employees in the company to bring anomalies into ...

by New Member in

Splunk App and Add-on for Amazon Web Services: Log search Cloudfront .gz log from S3 files

I'm not able to search cloud-front logs from S3. There is no results. But I'm able to search ELB logs and Cloud-trail...

by New Member in

Can I add the sendemail response action with the link to incident review page for a correlation search

I've created a correlation search, then I want to add the send email response action with a link to this rule that sh...

by Explorer in

Maxmind Threat Intelligence Database is not downloading

Hi there, I noticed that the URL path for the MaxMind ASN Database has changed on, to another path, and the siem can ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk entreprise security status "Pending..."

Asset and identity management merge prio into lookup

Percentage of Indexes’ logs in 24 hours.

Jobs with warning message Splunk ES

Customize Notable Status Order in Dropdown

Cookie login - Secure set to true and httponly

ES Correlation Search index configuration

SPLUNK ES Notable Event Closure

Insert a glass table into a dashboard

Manual Notable Event

Splunk ES on version 7.3.3: How to get consistent user lookups on both incident reviews and investigations?

How can I set up an email notification when an incident is assigned

How to track on ES the timestamp whenever I changed in the investigations section the status of any investigation

Bundle issues with SHC

Splunk Security Essentials

Top alerts fires

Is there an easy way to configure HTTP proxy for Analytic Story Execution (ASX) App?

Trigger an action manually

KV Store Lookup to Email with timestamp search

metadata/local.meta question

Splunk search on two different indexes and retrieve a matching value from one index

How to implement an App or Add-on that enables Splunk employees to report security incidents?

Splunk App and Add-on for Amazon Web Services: Log search Cloudfront .gz log from S3 files

Can I add the sendemail response action with the link to incident review page for a correlation search

Maxmind Threat Intelligence Database is not downloading

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Palo Alto apps and add-ons for splunk

Dashboard PNG schedule export setting is not viewa...

Incident_updates_lookup not updating urgency and r...

Create Investigation SOAR

Correlation Search: Next Step: Ping - NSLOOKUP - R...

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions