Splunk Enterprise Security

Community Activity
torowa
Hi Splunkers. I've manually uploaded a STIX file into ES. The file has uploaded successfully (file can be seen in /o...
by torowa Path Finder in Splunk Enterprise Security 05-18-2020
wtaylor149
I have a need to reconcile Splunk ES rule changes. I am using the REST API to pull the "updated" rule changes. The ...
by wtaylor149 Explorer in Splunk Enterprise Security 05-18-2020
luongg
Hi, I'm not exactly sure what is the best way to approach this issue. I have a list of external IP addresses along with...
by luongg Explorer in Splunk Enterprise Security 05-18-2020
jas0049
I have identified the log sources and corresponding use cases and bookmarked, e.g. Basic Brute Force Detection for th...
by jas0049 New Member in Splunk Enterprise Security 05-18-2020
adisxn01
We have configured ES Splunk in which most of the dashboards are predefined, so we want to add severity field in vulnerabi...
by adisxn01 New Member in Splunk Enterprise Security 05-18-2020
kirthi_d
Hello everyone, current scenario: Reports run every 15 minutes. The outputs are charts. We take screenshots of those repo...
by kirthi_d Engager in Splunk Enterprise Security 05-17-2020
lukasmecir
Hello, I have a question about modification of data model in CIM: I would like to add one child dataset to DM "Change...
by lukasmecir Path Finder in Splunk Enterprise Security 05-15-2020
montydo
I'm trying to get the Splunk Enterprise Security Malware dashboards to populate: I'm ingesting data from Symantec us...
by montydo Explorer in Splunk Enterprise Security 05-15-2020
punithjigali
Hi team, I need to create an alert, where if my daily count is less than 30% of monthly count average... of a particu...
by punithjigali Explorer in Splunk Enterprise Security 05-15-2020
cosm0630
Good morning, since I've been working from home using VPN access to connect to the office I noticed, I haven't been ab...
by cosm0630 New Member in Splunk Enterprise Security 05-15-2020
Ajinkya1992
Hello Experts, Currently I have configured 2 source files for Asset Center and also have configured searches for those...
by Ajinkya1992 Path Finder in Splunk Enterprise Security 05-14-2020
Azeemering
Hello, This app contains a list of Field aliases including a field alias for the field "networkConnections{}.applicat...
by Azeemering Builder in Splunk Enterprise Security 05-14-2020
khalidewaidah
Could you provide me how it can write line break and Time regex below logs. 2020-09-26 19:27:33,092 DEBUG com.edifec...
by khalidewaidah Explorer in Splunk Enterprise Security 05-13-2020
jamolson
I was curious, and was not able to find an answer online or here, if you are able to create custom eval subcommands. ...
by jamolson Path Finder in Splunk Enterprise Security 05-13-2020
burakatabay
Hi Splunkers, When I research an incident and press the ESCU-Contextualize and ESCU-Contextualize return an empty page ...
by burakatabay Path Finder in Splunk Enterprise Security 05-13-2020
punithjigali
Which events need to be indexed by Microsoft SQL add-on to monitor deadlock in Splunk and how?
by punithjigali Explorer in Splunk Enterprise Security 05-13-2020
kanam
When I search or after running saved search, sometimes error messages are displayed, however activity log shows they ...
by kanam Loves-to-Learn Everything in Splunk Enterprise Security 05-12-2020
metahaxorus
Hi I am creating a rule in enterprise security and am trying to use multiple tags. | eval tag="prod_alert" and | ev...
by metahaxorus New Member in Splunk Enterprise Security 05-12-2020
willadams
When closing a notable event in SPLUNK Enterprise Security, there are typically the following fields available Status...
by willadams Contributor in Splunk Enterprise Security 05-12-2020
punithjigali
Hi Team, I have JavaScript source code from GitHub (https://github.com/bramp/js-sequence-diagrams). How to use this in ...
by punithjigali Explorer in Splunk Enterprise Security 05-12-2020
tonymorin
app/SplunkEnterpriseSecuritySuite/ess_notable_suppression_list I need to pull a report from the Notable Event Suppr...
by tonymorin Explorer in Splunk Enterprise Security 05-11-2020
LM_ACN
Hi all, I'm here to ask you some information about a current setting I found on an existing Splunk Index. In particul...
by LM_ACN Engager in Splunk Enterprise Security 05-11-2020
lemame
Hello, I would like to ask you for your help. I have two sources (indexes) in Splunk and need to link it together v...
by lemame New Member in Splunk Enterprise Security 05-11-2020
anuremanan88
Hi, Anyone using threat connect app for Splunk. There are a bunch of commands built-in with this app. Do you know how ...
by anuremanan88 Explorer in Splunk Enterprise Security 05-11-2020
punithjigali
Hi team, I have used Windows add-on to get events from server to my Splunk instance using universal forwarder. I want ...
by punithjigali Explorer in Splunk Enterprise Security 05-09-2020