Splunk Enterprise Security

Discussions

Thread Info

Issues with pan: Why is firewall_cloud parser not parsing logs from Cortex Data Lake?

We are having issues with pan:firewall_cloud parser (which came with the Palo Alto Netowrks Add-on) not parsing logs ...

by Engager in

How to create separate incident review dashboard for different team.

Dear All, Please suggest how to create separate incident review dashboard for different team.OR How the notable wil...

by Loves-to-Learn Everything in

How do I solve ES Error: Cannot read properties of undefined (reading 'value')?

Hello together, I installed in Splunk Single Instance Deployment with version 9.0.4 the Splunk ES 7.11 via CLI. ...

by Engager in

Tune out blocks for Threat Activity Detected in ES.

I'm a bit of a rookie and trying to tune the "Threat Activity Detected" correlation search in ES. I would like to tak...

by Path Finder in

Changing time in my CMC app!!

Hi,I'm new to Splunk and wanted to change the time zone of my Splunk cloud deployment.As of now in my Cloud Monitorin...

by Path Finder in

Exclude a Region/Country

Hello, when I run the below SPL , it gave me all the region that a user have accessed from. if I want to exclu...

by Engager in

MITRE ATT&CK Navigator Layer

Is anyone aware of a way, other than manually, of creating a MITRE ATT&CK Navigator Layer based on the rules enabled ...

by Explorer in

Updating all the apps On Splunk cloud Victoria(latest) in one go!!

Hi Splunkers,I do see 5-6 apps to update in my Splunk cloud, it's asking for restart whenever I'm hovering over updat...

by Path Finder in

How can I automatically and evenly assign notables to the team in ES?

Hi, I'm trying to setup a way to automatically assign notables to the analysts, and evenly. The "default owner" in ...

by Engager in

How to send email from ES adaptive response action?

I want to send customize email from Splunk ES adaptive response action. How do i add custom templet for email Messa...

by Path Finder in

Indexer Volumes(Disks) in a Smartstore configuration

Hi All, It is recommended to use the i3.8xlarge instance type which comes with ephemeral storage for Splunk indexe...

by Engager in

How to move Enterprise Security to new search head

I'm planning on moving the Enterprise Security app from one search head to another; search heads are not clustered. ...

by Explorer in

Risk-Based Alerting FAQs

For new RBA users, here are some frequently asked questions to help you better get started with the product. 1....

by Splunk Employee in

Description for Notable becomes "Success"

I have a fairly hefty search that are looking for potential brute-force attempts in my network. I have verified that ...

by New Member in

Identies question

Hello, I've set up an identity lookup using ldapsearch - it creates an identity of "username" that contains various...

by Explorer in

Splunk Enterprise Security: Issue found in "SA-IdentityManagement" : Identity - Asset CIDR Matches - Lookup Gen

Hello, We have issues to merge our dhcp_asset_list (made of dns record, mac and ip address) into the Asset & Ident...

by Path Finder in

threat intelligence upload not working too

i get this error when upload a csv file with 2 column that included id number and maliciuos domain but when i go to t...

by Explorer in

Threat intelligence issue

After reviewing the Intelligence Audit Events, the following error message shows up, it seems that the feed cannot wr...

by Loves-to-Learn Lots in

Splunk Security Essentials

I've downloaded the splunk security essential files all into my laptop, but I can't figure out how to upload into int...

by New Member in

need spl into datamodel search

Hi,Need below search into a web datmodel search index=es_web action=blocked host= * sourcetype= *| stats count by cat...

by Builder in

Need changes to the datamodel search

Hi, I aimed to merge the "dropped" and "blocked" values under the "IDS_Attacks.action" field in the output of the d...

by Builder in

Reduce the noise out of Security EventCodes..

Hi,I'm trying to reduce the noise out of these EventCodes which we can exclude in the enterprise security point of vi...

by Builder in

How to create query for showing when was a Notable alert assigned and calculate SLA based off that?

Hi, I need to report on when a Notable alert was changed from the default "unassigned" status to " Acknowledged" stat...

by Builder in

Splunk Enterprise Security Devices support

Dears How to find out what Devices (Switch, Router, etc.), operating systems (Windows, linux, MacOs, etc.), applica...

by Observer in

Developing reliable searches dealing with events indexing delay

Hello everyone, I am concerned about single-event-match (e.g. observable-based) searches and the eventual indexing ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Issues with pan: Why is firewall_cloud parser not parsing logs from Cortex Data Lake?

How to create separate incident review dashboard for different team.

How do I solve ES Error: Cannot read properties of undefined (reading 'value')?

Tune out blocks for Threat Activity Detected in ES.

Changing time in my CMC app!!

Exclude a Region/Country

MITRE ATT&CK Navigator Layer

Updating all the apps On Splunk cloud Victoria(latest) in one go!!

How can I automatically and evenly assign notables to the team in ES?

How to send email from ES adaptive response action?

Indexer Volumes(Disks) in a Smartstore configuration

How to move Enterprise Security to new search head

Risk-Based Alerting FAQs

Description for Notable becomes "Success"

Identies question

Splunk Enterprise Security: Issue found in "SA-IdentityManagement" : Identity - Asset CIDR Matches - Lookup Gen

threat intelligence upload not working too

Threat intelligence issue

Splunk Security Essentials

need spl into datamodel search

Need changes to the datamodel search

Reduce the noise out of Security EventCodes..

How to create query for showing when was a Notable alert assigned and calculate SLA based off that?

Splunk Enterprise Security Devices support

Developing reliable searches dealing with events indexing delay

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!

Drill-down and Next Step are not read in Incident ...

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...

Multi-Select in HTML for Alert Action does not ret...