Splunk Enterprise Security

Discussions

Thread Info

Forwarder not parsing Ossec logs correctly

Hi all, We have our ossec logs from servers being sent to a forwarder and then the forwarder to indexer. On the fo...

by Explorer in

Join two indexes without any unique field

I have two indexes that I need to join to get data from both of them, unfortunately there are no common values on bot...

by Explorer in

SmartStore Cache Policy to Preserve Recent Buckets while searching from S3 Object Store

I want to balance the use of cache capacity with SmartStore. I want to keep recent buckets in cache while allowing ol...

by Loves-to-Learn in

how do i get usernames in cisco meraki logs?

Trying to build user activity/configuration changes monitoring for meraki logs in splunk.

by New Member in

Splunk Indexes question

Hi, 1) I want to move my hot/warm bucket to cold after 90 days, is it possible to roll buckets based on time durat...

by Communicator in

login ID change in Splunk using AD

hello, we are planning to change the Splunk login ID which is linked with AD, the change is due to the existing ID...

by New Member in

How to monitor Splunk users Role modifications?

Hello, We’d like to monitor role modifications of our Splunk accounts. The goal is to know who modified what role ...

by Communicator in

Smartstore unable to replicate buckets

Hi all, We have a Splunk infrastructure with ESS using SmartStore over S3 on AWS. We moved from Splunk 7.3.0 to 7....

by Path Finder in

Trial version of Enterprise Security

Hello, Does a trial version of Splunk App for Enterprise security exist ? Thanks.

by New Member in

All dependent addons for Splunk Enterprise Security App

Hi All, Is there a way to list out all the dependent addons for Splunk Enterprise Security app? For instance, ...

by Path Finder in

Add fields to tstat results

Hi! I want to use a tstats search to monitor for network scanning attempts from a particular subnet: | tstats `...

by Explorer in

how to convert the day into seconds splunk search query

25days convert to seconds and difference with current time to seconds and display the difference time

by New Member in

Ip location return a wrong location after update db

Hi all, I have Splunk ESS Version: 7.1.3. After updating the GeoLite2-City.mmdb db (last 17/3/20) I noticed that i...

by Loves-to-Learn Lots in

DHS AIS and CISCP taxii feeds - setup

Has anyone been able to configure the taxii feeds for AIS and CISCP in Enterprise Security? In the arguments, I have ...

by Path Finder in

Is CCURE add-on compatible with CCURE 9000

by Explorer in

Enterprise Security: Should we use the Cisco StealthWatch Add-On in addition to ES?

We use ES and wonder whether we should use the Cisco StealthWatch Add-On as well. Cisco StealthWatch Add-On say...

by Motivator in

Is it possible to use the Use Case Library of Splunk ES in the sandbox?

I recently activated my 7-days trial sandbox for Splunk Enterprise Security as i want to evaluate the functionality o...

by New Member in

Looking for use cases for NH-ISAC taxii feed in Splunk Enterprise Security

We have successfully implemented the taxii feed from NH-ISAC and are looking for examples or use cases from others th...

by New Member in

web service problem

Hello, I having issue regarding in splunk web that suddenly stopped working. this is the error splunk@splunk:/etc$ cd...

by Engager in

Splunk Enterprise security

in my Splunk ES i want to find below search Count of New Notables created in last 30 daysCount of Modified Correla...

by Explorer in

Sourcetype naming and indexs help!!

Hi guys, I am working as security analyst and I monitor many customers using splunk I usally deal with incidents tha...

by New Member in

Getting an error after degrading Splunk enterprise security.

Unable to initialize modular input "whois" defined in the app "SA-NetworkProtection": Introspecting scheme=whois: scr...

by Path Finder in

Time Range issue: triggered condition is "split" into two cron executions

Hello, Our Horizontal Port Scan correlation search is triggered when a number of request destinations is superior ...

by Communicator in

Alert Trigger send token to Drill Down

I am using Enterprise Security and most of our searches are correlation searches. One of my searches is not able to b...

by Contributor in

Whois specify a WHOIS server (*nix -h flag)

Similar to https://answers.splunk.com/answers/642213/nslookup-on-network-tools-app-with-specified-dns-s.html First...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Forwarder not parsing Ossec logs correctly

Join two indexes without any unique field

SmartStore Cache Policy to Preserve Recent Buckets while searching from S3 Object Store

how do i get usernames in cisco meraki logs?

Splunk Indexes question

login ID change in Splunk using AD

How to monitor Splunk users Role modifications?

Smartstore unable to replicate buckets

Trial version of Enterprise Security

All dependent addons for Splunk Enterprise Security App

Add fields to tstat results

how to convert the day into seconds splunk search query

Ip location return a wrong location after update db

DHS AIS and CISCP taxii feeds - setup

Is CCURE add-on compatible with CCURE 9000

Enterprise Security: Should we use the Cisco StealthWatch Add-On in addition to ES?

Is it possible to use the Use Case Library of Splunk ES in the sandbox?

Looking for use cases for NH-ISAC taxii feed in Splunk Enterprise Security

web service problem

Splunk Enterprise security

Sourcetype naming and indexs help!!

Getting an error after degrading Splunk enterprise security.

Time Range issue: triggered condition is "split" into two cron executions

Alert Trigger send token to Drill Down

Whois specify a WHOIS server (*nix -h flag)

Splunk Classroom Chronicles: Training Tales and Testimonials (Episode 3)

Operationalizing TDIR: Building a More Resilient, Scalable SOC

Almost Too Eventful Assurance: Part 1

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions