Splunk Enterprise Security

Discussions

Thread Info

Multiple login pages for single splunk instance

I came across different login pages for same instance. One is SSO enabled and another one is local authentication. Wh...

by Engager in

Make "Show on Timeline" default to "Yes" (checked) in Enterprise Security "Add a Note" dialog?

Why in the world is this not the default? How can I force it to be the default?

by Esteemed Legend in

How to access non-threat Intelligence downloads as a file

I have configured ES to download the list of free webmail-hosting domains below as an intelligence download (Data inp...

by Path Finder in

Anyone have experience with ingesting Nessus scan data into Splunk with the new Tenable app/add-on ?

Anyone have experience with ingesting Nessus scan data into Splunk with the new Tenable app/add-on ? if yes, pleas...

by Motivator in

Can WinEventLog populate the Endpoint datamodels?

We wonder whether the WinEventLog can be applied to the Endpoint datamodels. It seems to us that - Endpoint.Pro...

by Motivator in

alert if index have no data in the last 24 hours

I want to create alert to check on all indexes event count and alert the list of all indexes that have no events in t...

by Observer in

Capture "Splunk Enterprise Security" Changes

Hello All, Is there is any way to identify "whats all changes performed on Splunk Enterprise Security" . Example ...

by Communicator in

Warning after Splunk upgrade to 8.0.2 and Enterprise Security to 6.1.0

Hi at all, I've just upgraded Splunk Enterprise from 7.1.1 to 8.0.2, Enterprise Security from 5.2.0 to 6.1.0. and all...

by Legend in

How to implement multiple where conditions with like statement using tstats?

Hello, We'd like to monitor configuration changes on our Linux host. For that we want to detect when in the datamo...

by Communicator in

Correlation Search has stopped generating notable events

I have a Correlation Search that ceased generating notable events without any sort of change or adjustment to the sea...

by Path Finder in

Combining two fields with a constant string between

I am pulling two fields from a CSV based off of a field in live logs, then combining them into one field with a const...

by New Member in

How can i utf8processor warn message, using charser auto?

WARN UTF8Processor - Using charset UTF-8, as the monitor is believed over the raw text which may be UTF-16LE - data_s...

by Observer in

Detecting Credential Compromise

Hey Folks, I was about to start Splunking for this particular AWS credential compromise scenario - netflixtechblog...

by Explorer in

Any use cases for darktrace

Hi, Can anybody helpme to get some use cases for darktrace. Right now I am looking only for score value.

by Path Finder in

What is the easiest way to rename a correlation search?

What is the easiest way to rename a correlation search? There is rename link/button on the correlation search page, a...

by Explorer in

How to change the "From" address when an alert email is generated

we are using Splunk Cloud i want to modify from address(Splunk Cloud alerts@splunkcloud.com ) and want to use custom ...

by Explorer in

Find anomalous network traffic of a user

Hi team, I m trying to find network traffic of a user and classify it as high or normal based on avg and stdev cal...

by Loves-to-Learn Everything in

Splunk sizing and timing

I am developing a monthly report/dashboard for a client and would like to ask the client a lot of none technical ques...

by Explorer in

How to extract fields from csv file?

Hello, We use a python script to export some data every 24 hours from our database and save it in $SPLUNK_HOME/etc...

by Communicator in

Release notes

Are there any release notes available for Thinkst Canary AddOn For Splunk? Any concerns in moving from 1.1.7 to 1.1.1...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Multiple login pages for single splunk instance

Make "Show on Timeline" default to "Yes" (checked) in Enterprise Security "Add a Note" dialog?

How to access non-threat Intelligence downloads as a file

Anyone have experience with ingesting Nessus scan data into Splunk with the new Tenable app/add-on ?

Can WinEventLog populate the Endpoint datamodels?

alert if index have no data in the last 24 hours

Capture "Splunk Enterprise Security" Changes

Warning after Splunk upgrade to 8.0.2 and Enterprise Security to 6.1.0

How to implement multiple where conditions with like statement using tstats?

Correlation Search has stopped generating notable events

Combining two fields with a constant string between

How can i utf8processor warn message, using charser auto?

Detecting Credential Compromise

Any use cases for darktrace

What is the easiest way to rename a correlation search?

How to change the "From" address when an alert email is generated

Find anomalous network traffic of a user

Splunk sizing and timing

How to extract fields from csv file?

Release notes

Splunk Forwarders and Forced Time Based Load Balancing

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

How can i view the source index where Splunk Enter...

RBAC for Notable events?

What is "Malware Domains threatlist" in Splunk Ent...

How to create query for showing when was a Notable...

Is Splunk Add-on for Symantec Endpoint Protection ...