Splunk Enterprise Security

Discussions

Thread Info

IBM X-force Threat Intelligence feed integration with Splunk ES

Can some one please help if you have any document on how to integrate the IBM X-force Threat intelligence feed with S...

by Path Finder in

Splunk Enterprise Security: Cisco ASA logs extracting in ES search- in search and reporting, but not in ES search?

Hi, I have the Cisco ASA TA installed and things look great on my Enterprise Security search head when I search for t...

by Path Finder in

Subsearch results not matching special characters

Hi, I'm trying to match email events which may consists of alphabets, numbers and special characters and do a coun...

by New Member in

Lookup: 'PrivilegedRiskScores' is missing

With Security Essentials, I get an error: [Indexer] Streamed search execute failed because: Error in 'lookup' comm...

by Communicator in

Splenk ES Threat Intel - Any help or Benefit ?

HI all, Anyone out there had any benefit from the free Threat intel List in Splunk ES? Its causing alot of noise,...

by New Member in

Splunk ES 6.0 installation fails

Hi folks, I'm trying to install newly released Splunk ES 6.0, but it keeps on failing during the "post installation c...

by Explorer in

Splunk Enterprise 7.1, ES 5.1 and phased_execution_mode

I have been looking into upgrading our Splunk Enterprise deployment to version 7.1.1, which would also require upgrad...

by Path Finder in

How to add new field to a search from results of another search

PLEASE BE PATIENT I AM NEW TO THIS All, I am trying to use the results of a search (search 1) and create a new fie...

by Explorer in

lookup table trouble

I cant figure this out. I cant get my query to check a lookup to verify if the identified recipient from the phish lo...

by New Member in

Problem after upgrade Splunk ES from version 5.1.0 to 5.2.2

Hello, I have a problem after the upgrade of the application Splunk ES from version 5.1.0 to 5.2.2 on the Splunk E...

by New Member in

Need help with threat activity dashboards in ESS

Hello, My Threat Activity dashboards returning zero result found message on every dashboard. I turned on data...

by Path Finder in

KVStoreConfigurationProvider: KV Store is not available, status is 'failed'

Installing Splunk Enterprise Security and getting the ERROR: KVStoreConfigurationProvider - KV Store is not available...

by Engager in

Splunk Cloud support for version 2.x?

Are there any plans to support Splunk Cloud with newer versions of this TA? Currently, the only version supported by ...

by Explorer in

cannot find saved alert in enterprise security app

I have saved a search query as an alert on enterprise security app, but i cannot find them in alerts tab ( search & r...

by New Member in

Splunk Add-on for ServiceNow configuration

Morning! Looking for some assistance with an error that I am receiving when I try and configure the Splunk add-on fo...

by New Member in

Splunk Telecommunication App to ingest RADIUS Account START|STOP record

Hi there, I have a scenario that we are trying to design for a Telco to improve on overall IP/MSISDN subscriber re...

by New Member in

How to Splunk getting data from windows servers

Hello, I want to blacklist the first four host to stop getting data from these servers, I have blacklisted them in...

by New Member in

The "Run Adaptive Response Actions" is not listing all the alert actions in Splunk where while editing the correlation searches the options are available under "Adaptive Response Actions"

Description: 1. I have installed TA-thehive & TA-PagerDuty on Splunk ES search head. 2. While editing the correlation...

by Splunk Employee in

Splunk ES: TA-fortinet field extractions not working because of wrong fieldnames in TA

I tried to use the TA-fortinet, built-in in ES - for FortiGate logs send via FortiAnalyzer in syslog format. But the...

by Explorer in

Splunk TA Fortinet feild alias breaks for signature field (events related to ips or virus).

Splunk TA Fortinet field alias breaks for the signature field (events related to ips or virus). We are using Spunk...

by New Member in

Splunk Enterprise Security

Discussions

IBM X-force Threat Intelligence feed integration with Splunk ES

Splunk Enterprise Security: Cisco ASA logs extracting in ES search- in search and reporting, but not in ES search?

Subsearch results not matching special characters

Lookup: 'PrivilegedRiskScores' is missing

Splenk ES Threat Intel - Any help or Benefit ?

Splunk ES 6.0 installation fails

Splunk Enterprise 7.1, ES 5.1 and phased_execution_mode

How to add new field to a search from results of another search

lookup table trouble

Problem after upgrade Splunk ES from version 5.1.0 to 5.2.2

Need help with threat activity dashboards in ESS

KVStoreConfigurationProvider: KV Store is not available, status is 'failed'

Splunk Cloud support for version 2.x?

cannot find saved alert in enterprise security app

Splunk Add-on for ServiceNow configuration

Splunk Telecommunication App to ingest RADIUS Account START|STOP record

How to Splunk getting data from windows servers

The "Run Adaptive Response Actions" is not listing all the alert actions in Splunk where while editing the correlation searches the options are available under "Adaptive Response Actions"

Splunk ES: TA-fortinet field extractions not working because of wrong fieldnames in TA

Splunk TA Fortinet feild alias breaks for signature field (events related to ips or virus).

Security Essentials / MITRE ATT&CK

Parsing the "_raw" field of Splunk Python SDK resu...

Missed macro ec2_excessive_terminateinstances_mltk...

MITRE-ATTACK latest threat list can not be downloa...

Failing to add Threat Intelligence Feed to Splunk ...