Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Encountered the following error while trying to update: Importing the following role(s) creates a cycle in role inheritance: can_delete, phantom, power, splunk-system-role, user

i got following Error Message While adding Capabilities in Splunk "Encountered the following error while trying to u...

by New Member in

threat intelligence

I am subscribed to a 3rd party threat intelligence called Group-IB. I have the Group-IBapp for splunk installed on m...

by Loves-to-Learn in

Group-IB Threat Intelligence

Hi Splunkers, we have ingested Threat Intelligence Feeds from Group-IB into Splunk, we want to benefit from th...

by Explorer in

How to Identifying XSOAR-Monitored Correlation Searches in Splunk ES

Hello,I'd like to know how to locate the correlation searches that XSOAR is monitoring, rather than the incident revi...

by Builder in

Notable Dashboard for User activity

Dear All, To create the below table for the Notable dashboard in ES, can you please advise. Thanks User1 User1...

by Explorer in

Splunk time parse

Hi, Splunk usually takes the log time event (_time) and parse it to: date_hour, date_mday, date_minute, date_mon...

by Path Finder in

Health warning or error

We have a sandbox environment with vpsphere and it works mostly just fine we believe the time sync is corect becau...

by Path Finder in

Sendemail command email body

Hi All,I am using send email command to send csv file to different recepients based on the search . | eval ...

by Path Finder in

$SPLUNK_HOME/var/lib/splunk/modinputs taking up disk space

Hi All, The data checkpoint file for cloudtrail logs is taking up a lot of disk space (over 100 GB). Is this a nor...

by Engager in

Splunk Enterprise security Audit logs API

How can we fetch the events performed by users in Splunk Enterprise security product from API's?

by Engager in

inputintelligence command not working

hi When I type this command, the following error message is displayed. | inputintelligence mitre_attack error c...

by Loves-to-Learn Lots in

Linux Logs

I am working on Linux based usecases that are available in Splunk ESCU. Most of the usecases are using Endpoint. proc...

by Engager in

Where does the information related to Splunk Investigation get store in Splunk ?

Where is the data from the Splunk Enterprise Security (ES) Investigation Panel stored?In the previous version, it see...

by New Member in

Search for Alert Monitoring.

hello, Could anyone assist me in creating a correlation search to detect triggered alerts across all searches. This...

by Builder in

Issues with pan: Why is firewall_cloud parser not parsing logs from Cortex Data Lake?

We are having issues with pan:firewall_cloud parser (which came with the Palo Alto Netowrks Add-on) not parsing logs ...

by Engager in

How to create separate incident review dashboard for different team.

Dear All, Please suggest how to create separate incident review dashboard for different team.OR How the notable wil...

by Loves-to-Learn Everything in

How do I solve ES Error: Cannot read properties of undefined (reading 'value')?

Hello together, I installed in Splunk Single Instance Deployment with version 9.0.4 the Splunk ES 7.11 via CLI. ...

by Engager in

Tune out blocks for Threat Activity Detected in ES.

I'm a bit of a rookie and trying to tune the "Threat Activity Detected" correlation search in ES. I would like to tak...

by Path Finder in

Changing time in my CMC app!!

Hi,I'm new to Splunk and wanted to change the time zone of my Splunk cloud deployment.As of now in my Cloud Monitorin...

by Path Finder in

Exclude a Region/Country

Hello, when I run the below SPL , it gave me all the region that a user have accessed from. if I want to exclu...

by Engager in

MITRE ATT&CK Navigator Layer

Is anyone aware of a way, other than manually, of creating a MITRE ATT&CK Navigator Layer based on the rules enabled ...

by Explorer in

Updating all the apps On Splunk cloud Victoria(latest) in one go!!

Hi Splunkers,I do see 5-6 apps to update in my Splunk cloud, it's asking for restart whenever I'm hovering over updat...

by Path Finder in

How can I automatically and evenly assign notables to the team in ES?

Hi, I'm trying to setup a way to automatically assign notables to the analysts, and evenly. The "default owner" in ...

by Engager in

How to send email from ES adaptive response action?

I want to send customize email from Splunk ES adaptive response action. How do i add custom templet for email Messa...

by Path Finder in

Indexer Volumes(Disks) in a Smartstore configuration

Hi All, It is recommended to use the i3.8xlarge instance type which comes with ephemeral storage for Splunk indexe...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Encountered the following error while trying to update: Importing the following role(s) creates a cycle in role inheritance: can_delete, phantom, power, splunk-system-role, user

threat intelligence

Group-IB Threat Intelligence

How to Identifying XSOAR-Monitored Correlation Searches in Splunk ES

Notable Dashboard for User activity

Splunk time parse

Health warning or error

Sendemail command email body

$SPLUNK_HOME/var/lib/splunk/modinputs taking up disk space

Splunk Enterprise security Audit logs API

inputintelligence command not working

Linux Logs

Where does the information related to Splunk Investigation get store in Splunk ?

Search for Alert Monitoring.

Issues with pan: Why is firewall_cloud parser not parsing logs from Cortex Data Lake?

How to create separate incident review dashboard for different team.

How do I solve ES Error: Cannot read properties of undefined (reading 'value')?

Tune out blocks for Threat Activity Detected in ES.

Changing time in my CMC app!!

Exclude a Region/Country

MITRE ATT&CK Navigator Layer

Updating all the apps On Splunk cloud Victoria(latest) in one go!!

How can I automatically and evenly assign notables to the team in ES?

How to send email from ES adaptive response action?

Indexer Volumes(Disks) in a Smartstore configuration

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Editing the alert that is sent to PagerDuty

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...

Multi-Select in HTML for Alert Action does not ret...