Splunk Enterprise Security

Community Activity

JSON to CIM mapping Hi All, We have a scripted input, which indexes JSON data into Splunk and using SPATH we have writing our correlatio... by loginsoftresear Explorer in Splunk Enterprise Security 10-07-2020 1 8	1	8
Splunk Web scripts and Splunk enterprise Scripts Can someone help me understand the difference between Splunk Web and Splunk enterprise? and the Python scripts that i... by DeepakND Observer in Splunk Enterprise Security 10-06-2020 0 1	0	1
how to get syslog data from prisma-cloud to splunk?? in My cloud different tools are there like jira,servicenow and there i can send alert notification to that toolsso ... by itishree Explorer in Splunk Enterprise Security 10-05-2020 0 2	0	2
Help with a query Hi All I have this queryindex=checkpoint sourcetype=opsec:anti_virus OR sourcetype=opsec:anti_malware Protection_Name... by havatz Explorer in Splunk Enterprise Security 10-05-2020 0 1	0	1
Change Time Format of ldapsearch attribute AccountExpired Hi all,I have been trying to make a search where i can monitor the expired user accounts. So far i have this \| ldapse... by Sasquatchatmars Communicator in Splunk Enterprise Security 10-05-2020 0 2	0	2
addon page not found after installing nagios addon on splunk web showing page not foundis there anyone who can help on this??? by dall Path Finder in Splunk Enterprise Security 10-05-2020 0 3	0	3
Problem with a query HiNeed you help please with a query;"\| tstats summariesonly=true allow_old_summaries=true dc(Malware_Attacks.date) as... by havatz Explorer in Splunk Enterprise Security 10-04-2020 0 2	0	2
How to avoid mixng values of assets by 'entitymerge' command in ES Hi Splunkers , any advice how to avoid mixng values in assets by entitymerge command? I have 5 fileds marked as Mult... by evelenke Contributor in Splunk Enterprise Security 10-02-2020 1 1	1	1
REST API to Modify ES Correlation Search Hello,I am trying to use Splunk's REST API in order to change portions of existing correlation searches created withi... by cwo1010 Explorer in Splunk Enterprise Security 10-02-2020 0 4	0	4
Where can I find the TAXII data? We enabled the TAXII feed and we see under Threat Intelligence Audit that the TAXII feed polling was starting. Where ... by danielbb Motivator in Splunk Enterprise Security 10-02-2020 0 4	0	4
How to find source and sourcetype of notable Hi Folks,I want find all source and sourcetype for enable notables in Splunk ES.Please advise.Regards,D by DawoodKhanUlex Engager in Splunk Enterprise Security 10-02-2020 0 2	0	2
Splunk Common Information Model (CIM): How to distinguish between login and logout events in the Authentication data model? Can someone tell me what in the Authentication data model distinguishes between login and logout? http://docs.splunk.... by MonkeyK Builder in Splunk Enterprise Security 10-02-2020 1 5	1	5
HowTo deploy a set of correlation search within new app to different Splunk ES Hello everyone,i have a set of correlation search (about 250) to deploy in different Splunk ES.Instead of writing the... by LM_ACN Engager in Splunk Enterprise Security 10-01-2020 0 2	0	2
Using custom content with MITRE ATT&CK Framework I have custom content that I've created in SSE and mapped to various parts of the MITRE Framework. The problem is SSE... by chooglin Loves-to-Learn in Splunk Enterprise Security 09-30-2020 0 1	0	1
API AWS query question HiThis is my API AWS query:"search index=aws userIdentity.type=Root eventName=ConsoleLogin earliest=-10d \| rex field... by havatz Explorer in Splunk Enterprise Security 09-29-2020 0 3	0	3
How can I verify (using splunk internal logs) that port 8089 is indeed with SSL and the TLS version used? My question is, how can I prove that the Splunk server.conf enableSplunkdSSL is indeed working and with the sslVersio... by d_lim Path Finder in Splunk Enterprise Security 09-29-2020 0 4	0	4
Incident rewiew does not show events. Good day, I have noticed that the incident review shows no events, for about a day. The indexers were reviewed by m... by Osvaldo91 Engager in Splunk Enterprise Security 09-28-2020 1 3	1	3
Splunk entreprise security status "Pending..." Has anyone presented this problem? by splunkcol Builder in Splunk Enterprise Security 09-28-2020 0 3	0	3
Asset and identity management merge prio into lookup Hi there, The situation is as follows. We've a scheduled search running which is doing LDAP query on Active directory... by eriklp Explorer in Splunk Enterprise Security 09-25-2020 1 7	1	7
Percentage of Indexes’ logs in 24 hours. Can someone help me to identify Percentage of Indexes’ logs in 24 hours.?I have pulled using count like this :index=*... by SabariRajanT Path Finder in Splunk Enterprise Security 09-23-2020 0 1	0	1
Jobs with warning message Splunk ES This warning message indicates that even though it has errors, it is still running or is definitely not working?Async... by splunkcol Builder in Splunk Enterprise Security 09-22-2020 2 1	2	1
Customize Notable Status Order in Dropdown Hi everyone, I have a request from our security team to reorder our notable event statuses in the dropdown. We have... by BenjaminWyatt Communicator in Splunk Enterprise Security 09-21-2020 0 2	0	2
Cookie login - Secure set to true and httponly Hello,Do you know how I can put HttpOnly and Secure to true in cookie login?Security team request It to me.It happens... by DanielSp Explorer in Splunk Enterprise Security 09-21-2020 1 2	1	2
ES Correlation Search index configuration Hello friends,We have Splunk ES and we stored our data in different indexes (OS logs, Network logs, ...)I have a ques... by jg91 Path Finder in Splunk Enterprise Security 09-20-2020 1 1	1	1
SPLUNK ES Notable Event Closure When closing a notable event in SPLUNK Enterprise Security, there are typically the following fields available Status... by thambisetty SplunkTrust in Splunk Enterprise Security 09-20-2020 1 4	1	4