Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
nareerat_pr
I've created a correlation search, then I want to add the send email response action with a link to this rule that sh...
by nareerat_pr Explorer in Splunk Enterprise Security 09-07-2020
0 1
0
1
josephliion
Hi there, I noticed that the URL path for the MaxMind ASN Database has changed on, to another path, and the siem can ...
by josephliion Explorer in Splunk Enterprise Security 09-04-2020
3 7
3
7
Splunkometry88
Hi TeamI am looking to send an email alert once the notable event is closed, I can send an email when the notable eve...
by Splunkometry88 Explorer in Splunk Enterprise Security 09-04-2020
0 1
0
1
jadengoho
Why do we encounter this  "Does not meet the recommended minimum system"  only for ESSH03 even though all of the syst...
by jadengoho Builder in Splunk Enterprise Security 09-04-2020
0 3
0
3
Splunkometry88
Hi allI have a threat feed that is available via using an API key only, I could not see any way to add the API key to...
by Splunkometry88 Explorer in Splunk Enterprise Security 09-04-2020
0 1
0
1
astatrial
Hi everyone,Introduction:We have Palo Alto products, and we have also installed the appropriate add-on and apps. We m...
by astatrial Contributor in Splunk Enterprise Security 09-03-2020
0 2
0
2
vik_splunk
Hi All,We notice a seemingly weird behaviour where modifying the notable severity in a correlation search brings up h...
by vik_splunk Communicator in Splunk Enterprise Security 09-02-2020
0 6
0
6
Laszlo_K
Enabled 3 ESCU rules in ES and mapped them in SSE using Content Introspection on the Manage Bookmarks page.After a Re...
by Laszlo_K Explorer in Splunk Enterprise Security 09-02-2020
0 0
0
0
abhinav_go
Hi ,Can anyone provide me approach/steps for integrating threat intelligence framework to Splunk ES.Also , how to pul...
by abhinav_go Explorer in Splunk Enterprise Security 09-01-2020
1 0
1
0
jaracan
Hi Team,We are planning to upgrade from Splunk Enterprise v7.2.9.1 to Splunk Enterprise v8.0.x on the next few months...
by jaracan Communicator in Splunk Enterprise Security 09-01-2020
0 1
0
1
enugeelumpfz
Hi Everyone, We have Suricata NIDS onboard and plans to integrate with Splunk and in particular with Splunk Enterpri...
by enugeelumpfz Engager in Splunk Enterprise Security 08-31-2020
1 5
1
5
diptij
I had converted my Splunk Head to use SSL.I added /opt/splunk/etc/system/local/web.conf and updated [settings] to put...
by diptij Path Finder in Splunk Enterprise Security 08-31-2020
0 2
0
2
moshahin
Hi,I've been trying to get email trace for office365 exchange using the addon in subject. No data is coming under thi...
by moshahin Engager in Splunk Enterprise Security 08-31-2020
1 0
1
0
ak9092
Hi,I have a transaction that goes through multiple Status before its completed.Now the challenge I am facing here is ...
by ak9092 Path Finder in Splunk Enterprise Security 08-31-2020
0 2
0
2
GOB_Bluth
We would like to dynamically assign an owner of a notable event? Our soc would like to round robin the incoming eve...
by GOB_Bluth Explorer in Splunk Enterprise Security 08-30-2020
0 5
0
5
AK007
Hi, We have correlation search with action as notable. Initially we made it low Severity on notable to monitor and se...
by AK007 Engager in Splunk Enterprise Security 08-29-2020
0 3
0
3
Thor1
How to get a complete list with descriptions of correlation searches in the Splunk Enterprise Security app with sourc...
by Thor1 New Member in Splunk Enterprise Security 08-29-2020
0 2
0
2
nmcdowell
I have set up an alert for when logging has stopped on a Windows endpoint using event code 1100, but want to avoid re...
by nmcdowell New Member in Splunk Enterprise Security 08-28-2020
0 3
0
3
danielbb
For our accelerated datamodels,  acceleration.max_concurrent is set to 3 and we reach situations where lots of cpu is...
by danielbb Motivator in Splunk Enterprise Security 08-27-2020
0 2
0
2
shayhibah
Hey,I have one sourcetype named "my_sourcetype".Since I would like to integrate with Splunk ES, I need to map my fiel...
by shayhibah Path Finder in Splunk Enterprise Security 08-27-2020
0 1
0
1
kbrazil899
I am trying to configure SecKit with ES 6.1.1 but I am running into an issue with the configuration I am hoping someo...
by kbrazil899 New Member in Splunk Enterprise Security 08-26-2020
0 1
0
1
majid87
Hello,Im no longer able to retrieve historical data from inputlookup incident_review_lookup . When i check the lookup...
by majid87 Engager in Splunk Enterprise Security 08-26-2020
0 0
0
0
Bassik
Hi, I want to be able to visualise the top 1-5/10 login times based on a time range. So if I select a time range of 2...
by Bassik Path Finder in Splunk Enterprise Security 08-26-2020
0 3
0
3
duoms
Hi, Is there any tools to visualize data lineage in splunk ? https://en.wikipedia.org/wiki/Data_lineage We would like...
by duoms New Member in Splunk Enterprise Security 08-25-2020
0 1
0
1
BenzSann
ES 6.0.2 is python 2/3 but in the Release Notes: “However, this release is not completely dual Python 2 and Python 3 ...
by BenzSann Splunk Employee Splunk Employee in Splunk Enterprise Security 08-24-2020
0 2
0
2
Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...