Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

$SPLUNK_HOME/var/lib/splunk/modinputs taking up disk space

Hi All, The data checkpoint file for cloudtrail logs is taking up a lot of disk space (over 100 GB). Is this a nor...

by Engager in

Splunk Enterprise security Audit logs API

How can we fetch the events performed by users in Splunk Enterprise security product from API's?

by Engager in

inputintelligence command not working

hi When I type this command, the following error message is displayed. | inputintelligence mitre_attack error c...

by Loves-to-Learn Lots in

Linux Logs

I am working on Linux based usecases that are available in Splunk ESCU. Most of the usecases are using Endpoint. proc...

by Engager in

Where does the information related to Splunk Investigation get store in Splunk ?

Where is the data from the Splunk Enterprise Security (ES) Investigation Panel stored?In the previous version, it see...

by New Member in

Search for Alert Monitoring.

hello, Could anyone assist me in creating a correlation search to detect triggered alerts across all searches. This...

by Builder in

Issues with pan: Why is firewall_cloud parser not parsing logs from Cortex Data Lake?

We are having issues with pan:firewall_cloud parser (which came with the Palo Alto Netowrks Add-on) not parsing logs ...

by Engager in

How to create separate incident review dashboard for different team.

Dear All, Please suggest how to create separate incident review dashboard for different team.OR How the notable wil...

by Loves-to-Learn Everything in

How do I solve ES Error: Cannot read properties of undefined (reading 'value')?

Hello together, I installed in Splunk Single Instance Deployment with version 9.0.4 the Splunk ES 7.11 via CLI. ...

by Engager in

Tune out blocks for Threat Activity Detected in ES.

I'm a bit of a rookie and trying to tune the "Threat Activity Detected" correlation search in ES. I would like to tak...

by Path Finder in

Changing time in my CMC app!!

Hi,I'm new to Splunk and wanted to change the time zone of my Splunk cloud deployment.As of now in my Cloud Monitorin...

by Path Finder in

Exclude a Region/Country

Hello, when I run the below SPL , it gave me all the region that a user have accessed from. if I want to exclu...

by Engager in

MITRE ATT&CK Navigator Layer

Is anyone aware of a way, other than manually, of creating a MITRE ATT&CK Navigator Layer based on the rules enabled ...

by Explorer in

Updating all the apps On Splunk cloud Victoria(latest) in one go!!

Hi Splunkers,I do see 5-6 apps to update in my Splunk cloud, it's asking for restart whenever I'm hovering over updat...

by Path Finder in

How can I automatically and evenly assign notables to the team in ES?

Hi, I'm trying to setup a way to automatically assign notables to the analysts, and evenly. The "default owner" in ...

by Engager in

How to send email from ES adaptive response action?

I want to send customize email from Splunk ES adaptive response action. How do i add custom templet for email Messa...

by Path Finder in

Indexer Volumes(Disks) in a Smartstore configuration

Hi All, It is recommended to use the i3.8xlarge instance type which comes with ephemeral storage for Splunk indexe...

by Engager in

How to move Enterprise Security to new search head

I'm planning on moving the Enterprise Security app from one search head to another; search heads are not clustered. ...

by Explorer in

Risk-Based Alerting FAQs

For new RBA users, here are some frequently asked questions to help you better get started with the product. 1....

by Splunk Employee in

Description for Notable becomes "Success"

I have a fairly hefty search that are looking for potential brute-force attempts in my network. I have verified that ...

by New Member in

Identies question

Hello, I've set up an identity lookup using ldapsearch - it creates an identity of "username" that contains various...

by Explorer in

Splunk Enterprise Security: Issue found in "SA-IdentityManagement" : Identity - Asset CIDR Matches - Lookup Gen

Hello, We have issues to merge our dhcp_asset_list (made of dns record, mac and ip address) into the Asset & Ident...

by Path Finder in

threat intelligence upload not working too

i get this error when upload a csv file with 2 column that included id number and maliciuos domain but when i go to t...

by Explorer in

Threat intelligence issue

After reviewing the Intelligence Audit Events, the following error message shows up, it seems that the feed cannot wr...

by Loves-to-Learn Lots in

Splunk Security Essentials

I've downloaded the splunk security essential files all into my laptop, but I can't figure out how to upload into int...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

$SPLUNK_HOME/var/lib/splunk/modinputs taking up disk space

Splunk Enterprise security Audit logs API

inputintelligence command not working

Linux Logs

Where does the information related to Splunk Investigation get store in Splunk ?

Search for Alert Monitoring.

Issues with pan: Why is firewall_cloud parser not parsing logs from Cortex Data Lake?

How to create separate incident review dashboard for different team.

How do I solve ES Error: Cannot read properties of undefined (reading 'value')?

Tune out blocks for Threat Activity Detected in ES.

Changing time in my CMC app!!

Exclude a Region/Country

MITRE ATT&CK Navigator Layer

Updating all the apps On Splunk cloud Victoria(latest) in one go!!

How can I automatically and evenly assign notables to the team in ES?

How to send email from ES adaptive response action?

Indexer Volumes(Disks) in a Smartstore configuration

How to move Enterprise Security to new search head

Risk-Based Alerting FAQs

Description for Notable becomes "Success"

Identies question

Splunk Enterprise Security: Issue found in "SA-IdentityManagement" : Identity - Asset CIDR Matches - Lookup Gen

threat intelligence upload not working too

Threat intelligence issue

Splunk Security Essentials

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Splunk Macro cim_Alerts_indexes Error

Editing the alert that is sent to PagerDuty

Is it possible to make it mandatory to assign Owne...

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...