Splunk Enterprise Security

Discussions

Thread Info

How to get a complete list with descriptions of correlation searches in the Splunk Enterprise Security app

How to get a complete list with descriptions of correlation searches in the Splunk Enterprise Security app with sourc...

by New Member in

How to exclude windows events where logging has restarted after being stopped?

I have set up an alert for when logging has stopped on a Windows endpoint using event code 1100, but want to avoid re...

by New Member in

Should we lower acceleration.max_concurrent from 3 to ensure stability of the system?

For our accelerated datamodels, acceleration.max_concurrent is set to 3 and we reach situations where lots of cpu is...

by Motivator in

How to identify eventtype in props.conf

Hey, I have one sourcetype named "my_sourcetype". Since I would like to integrate with Splunk ES, I need to map m...

by Path Finder in

SecKit with ES 6.1.1

I am trying to configure SecKit with ES 6.1.1 but I am running into an issue with the configuration I am hoping someo...

by New Member in

inputlookup incident_review_lookup

Hello, Im no longer able to retrieve historical data from inputlookup incident_review_lookup . When i check the loo...

by Engager in

Trend Login Time Captures - Timechart Report for capturing the top logins times

Hi, I want to be able to visualise the top 1-5/10 login times based on a time range. So if I select a time range of 2...

by Path Finder in

Data lineage solution in Splunk

Hi, Is there any tools to visualize data lineage in splunk ? https://en.wikipedia.org/wiki/Data_lineage We woul...

by New Member in

Is ES 6.0.2 compatible with Python2 or Python 2/3?

ES 6.0.2 is python 2/3 but in the Release Notes: “However, this release is not completely dual Python 2 and Python 3 ...

by Splunk Employee in

Unable to add colleagues as Multiple collaborators in the investigation

hi all,We are not able to add any other colleagues as collaborator for the invetsigations. Can someone please help me...

by Explorer in

Nessus scan shows CVE-2012-4930, CVE-2012-4929 vulnerabilities

Hello All, In my organisation, the Nessus scanner scans the Splunk servers and other application servers. Scanner f...

by Path Finder in

Change field value to ES allowed value based on criteria

Hi, In my logs I have the field name action. This field can have several values: allow, detect, block and etc. ...

by Path Finder in

Why is the number of search artifacts in the dispatch directory higher than recommended?

The following error appears "The number of search artifacts in the dispatch directory is higher than recommended (...

by Builder in

RHEL 7 End of Life and End of Support Dates

Hello, Is there any RHEL 7 End of Life and End of Support Dates? For additional info, we are using software version...

by New Member in

Servicenow configuration error 404 using a MID server

I am getting attached error while configuring Splunk Event Ingestion integration in Servicenow. -> verified the co...

by Explorer in

Invalid account error when trying to access ES Sandbox instance URL?

Hello Team, I am getting error "Invalid account error when trying to access ES Sandbox instance URL?" Tha...

by New Member in

Enterprise Security Correlation Rules

Hi, How is it possible that a correlation rule is triggering notables based on data dates back to a previous month?...

by Engager in

Splunk ES Notable Event Alert Notifications - Alternatives to Email

Currently, in our environment, any notable event that triggers would result in an automatic email sent to a distribut...

by Communicator in

Is there a way to export Splunk reports to csv files automatic

is there any solution can automatically export reports to csv file and forward the files to third-party systems not b...

by Explorer in

Splunk Enterprise Security Content Update and ES documentation inconsequence

User Guide for ESCU version 3.0.5 (https://docs.splunk.com/Documentation/ESSOC/3.0.5/user/ConfigureSplunkEnterpriseSe...

by Explorer in

How to determine where a savedsearch is being used?

Using Splunk ES 5.3.1, I have a saved search that reached the 25GB limit (srchDiskQuota) before being finalized. Thi...

by Path Finder in

Why is the assets_by_cidr.csv lookup file not populating during asset merge?

During searches in Enterprise Security, I get the following error: Empty csv lookup file (contains only a header)...

by Communicator in

Is throttling based on the trigger time or on event time

I would like to confirm what TIME the throttling window duration is using. is it based on the trigger time or on even...

by Engager in

In Splunk ES how do I create a search to find all unassigned and assigned owners to a rule/title

Hi all. Our Incident review page is getting needlessly large and I want to create a dashboard that will populate wi...

by New Member in

LDAP Authentication Debug

How is LDAP authentication supposed to work? When the user logs in, what LDAP query does the Splunk server use to ret...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How to get a complete list with descriptions of correlation searches in the Splunk Enterprise Security app

How to exclude windows events where logging has restarted after being stopped?

Should we lower acceleration.max_concurrent from 3 to ensure stability of the system?

How to identify eventtype in props.conf

SecKit with ES 6.1.1

inputlookup incident_review_lookup

Trend Login Time Captures - Timechart Report for capturing the top logins times

Data lineage solution in Splunk

Is ES 6.0.2 compatible with Python2 or Python 2/3?

Unable to add colleagues as Multiple collaborators in the investigation

Nessus scan shows CVE-2012-4930, CVE-2012-4929 vulnerabilities

Change field value to ES allowed value based on criteria

Why is the number of search artifacts in the dispatch directory higher than recommended?

RHEL 7 End of Life and End of Support Dates

Servicenow configuration error 404 using a MID server

Invalid account error when trying to access ES Sandbox instance URL?

Enterprise Security Correlation Rules

Splunk ES Notable Event Alert Notifications - Alternatives to Email

Is there a way to export Splunk reports to csv files automatic

Splunk Enterprise Security Content Update and ES documentation inconsequence

How to determine where a savedsearch is being used?

Why is the assets_by_cidr.csv lookup file not populating during asset merge?

Is throttling based on the trigger time or on event time

In Splunk ES how do I create a search to find all unassigned and assigned owners to a rule/title

LDAP Authentication Debug

Machine Learning - Assisted Adaptive Thresholding

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

Splunk Enterprise Security API support for update ...

Clarification on UBA Capability in Splunk Enterpri...

Findings Comments

Sendalert risk does not populate source_guid / sou...

Asset Identity Framework subnet does not match ip-...

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions