Splunk Enterprise Security

Discussions

Thread Info

Trend Micro officescan and deepsecurity sourcetype as not papulating in Malware datamodel

Maily I have three sourcetypes sourcetype=Officescan ( workstation logs( signature update, malware etc) sourcetype =...

by Communicator in

Display a pie from different values summing some of them

Hi All, I need to show a pie for failed and succeed values, we know those values from the field "type" but 3 of them ...

by New Member in

How to create a search for resting users and users changing their password

I'm trying to make a search that allows me to see users resting and changing their password. I have this SPL: inde...

by New Member in

Investigations in ES vs Phantom

In recent discussions with Splunkers and customers, I keep hearing about how the plan is to launch investigations in ...

by Engager in

How to set up cron to run search out of working hours?

Hello, We would like to run a correlation search every 15 minutes but only out of working hours. It means from 6pm...

by Communicator in

need some help in writing SPL for below scenerio

i Have 2 source types each source type having asset_id field i want a search to display same asset_id that is in both...

by Explorer in

How to build a lookup list without fields

Is it possible to import a lot of IP addresses into a lookup list and search the lookup list without assigning the ad...

by Path Finder in

How to I pass 2 fields from subsearch

Hi guys, I'm having a query that take 2 fields from specific index type, and then going out to the main index in orde...

by New Member in

Multiple login pages for single splunk instance

I came across different login pages for same instance. One is SSO enabled and another one is local authentication. Wh...

by Engager in

Make "Show on Timeline" default to "Yes" (checked) in Enterprise Security "Add a Note" dialog?

Why in the world is this not the default? How can I force it to be the default?

by Esteemed Legend in

How to access non-threat Intelligence downloads as a file

I have configured ES to download the list of free webmail-hosting domains below as an intelligence download (Data inp...

by Path Finder in

Anyone have experience with ingesting Nessus scan data into Splunk with the new Tenable app/add-on ?

Anyone have experience with ingesting Nessus scan data into Splunk with the new Tenable app/add-on ? if yes, pleas...

by Motivator in

Can WinEventLog populate the Endpoint datamodels?

We wonder whether the WinEventLog can be applied to the Endpoint datamodels. It seems to us that - Endpoint.Pro...

by Motivator in

Capture "Splunk Enterprise Security" Changes

Hello All, Is there is any way to identify "whats all changes performed on Splunk Enterprise Security" . Example ...

by Communicator in

Warning after Splunk upgrade to 8.0.2 and Enterprise Security to 6.1.0

Hi at all, I've just upgraded Splunk Enterprise from 7.1.1 to 8.0.2, Enterprise Security from 5.2.0 to 6.1.0. and all...

by Esteemed Legend in

How to implement multiple where conditions with like statement using tstats?

Hello, We'd like to monitor configuration changes on our Linux host. For that we want to detect when in the datamo...

by Communicator in

Correlation Search has stopped generating notable events

I have a Correlation Search that ceased generating notable events without any sort of change or adjustment to the sea...

by Path Finder in

Combining two fields with a constant string between

I am pulling two fields from a CSV based off of a field in live logs, then combining them into one field with a const...

by New Member in

How can i utf8processor warn message, using charser auto?

WARN UTF8Processor - Using charset UTF-8, as the monitor is believed over the raw text which may be UTF-16LE - data_s...

by Observer in

Detecting Credential Compromise

Hey Folks, I was about to start Splunking for this particular AWS credential compromise scenario - netflixtechblog...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Trend Micro officescan and deepsecurity sourcetype as not papulating in Malware datamodel

Display a pie from different values summing some of them

How to create a search for resting users and users changing their password

Investigations in ES vs Phantom

How to set up cron to run search out of working hours?

need some help in writing SPL for below scenerio

How to build a lookup list without fields

How to I pass 2 fields from subsearch

Multiple login pages for single splunk instance

Make "Show on Timeline" default to "Yes" (checked) in Enterprise Security "Add a Note" dialog?

How to access non-threat Intelligence downloads as a file

Anyone have experience with ingesting Nessus scan data into Splunk with the new Tenable app/add-on ?

Can WinEventLog populate the Endpoint datamodels?

Capture "Splunk Enterprise Security" Changes

Warning after Splunk upgrade to 8.0.2 and Enterprise Security to 6.1.0

How to implement multiple where conditions with like statement using tstats?

Correlation Search has stopped generating notable events

Combining two fields with a constant string between

How can i utf8processor warn message, using charser auto?

Detecting Credential Compromise

.conf23 Registration is Now Open!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Enterprise Security - Correlation Search - Notable...

Enterprise Security Incident Review Default Filter...

Threat Intelligence Management - Wrong threat matc...

Can someone recommend a threat intel feed of malic...

Migrating Splunk Enterprise Security from VM to ne...