Splunk Enterprise Security

Community Activity
jaracan
Hi Team, We are planning to upgrade from Splunk Enterprise v7.2.9.1 to Splunk Enterprise v8.0.x in the next few months...
by jaracan Communicator in Splunk Enterprise Security 09-01-2020
0 1
enugeelumpfz
Hi Everyone, We have Suricata NIDS onboard and plan to integrate with Splunk and in particular with Splunk Enterpri...
by enugeelumpfz Engager in Splunk Enterprise Security 08-31-2020
1 5
diptij
I had converted my Splunk Head to use SSL. I added /opt/splunk/etc/system/local/web.conf and updated [settings] to put...
by diptij Path Finder in Splunk Enterprise Security 08-31-2020
0 2
moshahin
Hi, I've been trying to get an email trace for Office 365 Exchange using the add-on in the subject. No data is coming under thi...
by moshahin Engager in Splunk Enterprise Security 08-31-2020
1 0
ak9092
Hi, I have a transaction that goes through multiple statuses before it's completed. Now the challenge I am facing here is ...
by ak9092 Path Finder in Splunk Enterprise Security 08-31-2020
0 2
GOB_Bluth
We would like to dynamically assign an owner to a notable event. Our SOC would like to round-robin the incoming eve...
by GOB_Bluth Explorer in Splunk Enterprise Security 08-30-2020
0 5
AK007
Hi, We have a correlation search with action as notable. Initially we made it low severity on the notable to monitor and se...
by AK007 Engager in Splunk Enterprise Security 08-29-2020
0 3
Thor1
How to get a complete list with descriptions of correlation searches in the Splunk Enterprise Security app with sourc...
by Thor1 New Member in Splunk Enterprise Security 08-29-2020
0 2
nmcdowell
I have set up an alert for when logging has stopped on a Windows endpoint using event code 1100, but want to avoid re...
by nmcdowell New Member in Splunk Enterprise Security 08-28-2020
0 3
danielbb
For our accelerated data models, acceleration.max_concurrent is set to 3 and we reach situations where lots of CPU is...
by danielbb Motivator in Splunk Enterprise Security 08-27-2020
0 2
shayhibah
Hey, I have one sourcetype named "my_sourcetype". Since I would like to integrate with Splunk ES, I need to map my fiel...
by shayhibah Path Finder in Splunk Enterprise Security 08-27-2020
0 1
kbrazil899
I am trying to configure SecKit with ES 6.1.1 but I am running into an issue with the configuration. I am hoping someo...
by kbrazil899 New Member in Splunk Enterprise Security 08-26-2020
0 1
majid87
Hello, I'm no longer able to retrieve historical data from inputlookup incident_review_lookup. When I check the lookup...
by majid87 Engager in Splunk Enterprise Security 08-26-2020
0 0
Bassik
Hi, I want to be able to visualise the top 1-5/10 login times based on a time range. So if I select a time range of 2...
by Bassik Path Finder in Splunk Enterprise Security 08-26-2020
0 3
duoms
Hi, Are there any tools to visualize data lineage in Splunk? https://en.wikipedia.org/wiki/Data_lineage We would like...
by duoms New Member in Splunk Enterprise Security 08-25-2020
0 1
BenzSann
ES 6.0.2 is Python 2/3 but in the Release Notes: “However, this release is not completely dual Python 2 and Python 3 ...
by BenzSann Splunk Employee in Splunk Enterprise Security 08-24-2020
0 2
sreedharmallemp
Hi all, We are not able to add any other colleagues as collaborators for the investigations. Can someone please help me...
by sreedharmallemp Explorer in Splunk Enterprise Security 08-24-2020
0 1
phanichintha
Hello All, In my organisation, the Nessus scanner scans the Splunk servers and other application servers. The scanner foun...
by phanichintha Path Finder in Splunk Enterprise Security 08-24-2020
0 1
shayhibah
Hi, In my logs I have the field name action. This field can have several values: allow, detect, block, etc. Since I w...
by shayhibah Path Finder in Splunk Enterprise Security 08-20-2020
0 3
splunkcol
The following error appears: "The number of search artifacts in the dispatch directory is higher than recommended (cou...
by splunkcol Builder in Splunk Enterprise Security 08-19-2020
0 2
splunky33212
Hello, Are there any RHEL 7 End of Life and End of Support dates? For additional info, we are using software version 8....
by splunky33212 New Member in Splunk Enterprise Security 08-18-2020
0 1
nbr
I am getting the attached error while configuring the Splunk Event Ingestion integration in ServiceNow. -> verified the commu...
by nbr Explorer in Splunk Enterprise Security 08-17-2020
0 0
devsplunk11
Hello Team, I am getting the error "Invalid account error when trying to access ES Sandbox instance URL?" Thanks, Lalit
by devsplunk11 New Member in Splunk Enterprise Security 08-16-2020
0 0
moshahin
Hi, How is it possible that a correlation rule is triggering notables based on data dating back to a previous month? I ...
by moshahin Engager in Splunk Enterprise Security 08-15-2020
0 2
adnankhan5133
Currently, in our environment, any notable event that triggers would result in an automatic email sent to a distribut...
by adnankhan5133 Communicator in Splunk Enterprise Security 08-15-2020
0 2