Splunk Enterprise Security

Discussions

Thread Info

Find anomalous network traffic of a user

Hi team, I m trying to find network traffic of a user and classify it as high or normal based on avg and stdev cal...

by Loves-to-Learn Everything in

Splunk sizing and timing

I am developing a monthly report/dashboard for a client and would like to ask the client a lot of none technical ques...

by Explorer in

How to extract fields from csv file?

Hello, We use a python script to export some data every 24 hours from our database and save it in $SPLUNK_HOME/etc...

by Communicator in

Release notes

Are there any release notes available for Thinkst Canary AddOn For Splunk? Any concerns in moving from 1.1.7 to 1.1.1...

by Path Finder in

Restore SCV

Hi, I accidently deleted a CSV file. Is there any way to restore it or retrieve the CSV file.

by Path Finder in

Customize report

Hi, I have a requirement to customize the report generated in csv format, this is a scheduled report. The report i...

by Explorer in

Issue with CIM Mapping for ES

I am receiving the EMail logs from Proofpoint Email gateway via syslog. The single email communication include the mu...

by Path Finder in

Mapping field values to allowed valued for Enterprise Security (CIM Data Models)

Hi, in my logs I have field named 'action' with the following possible values: detect, prevent, redirect. In order...

by Path Finder in

the differences between "es_notable_events" and "incident_review_lookup"

I'd like to search the status of Incident Review, and have found 2 ways to do it. 1)| inputlookup append=T es_notable...

by Loves-to-Learn Everything in

Is it possible to add an option to a Dashboard to select the search mode?

I built a dashboard (step 1 :)) and would like to add the ability to chose the search mode (via a drop down menu, etc...

by New Member in

No new alerts in notable index, where I can start troubleshouting

Hello All I have problem with Splunk ES, today I've noticed that there is no new alert in Incident Review Panel. I...

by Path Finder in

Windows TA not Parsing "Error_Code" from 4776 Logs

Searching: index=sec_windows source=wineventlog:security EventCode=4776 action=failure should return a field calle...

by Explorer in

Slpunk DB connect APP

i am trying to query the Oracle DB using the statement attached in the case, the query works fine for the batch input...

by New Member in

A Necessity of use cases related to Nessus and Windows.

Hi all, We have the necessity to implements alerts related to Nessus scans and Windows systems. We have seen a few of...

by New Member in

CIM compliance of data from two different sources

I have two set of questions on which I am looking for inputs. 1. I have data from multiple tables for an application....

by Path Finder in

Feature Request: restrict the KPIs of a glass table in ES on refresh interval

I would like to be able to restrict the KPIs of a glass table in ES on refresh interval. The refresh interval can...

by Explorer in

Splunk business questions

Hi Guys I am working for a new client that wants me to develop a monthly report/dashboard for their business. I am tr...

by Explorer in

How to upgrade splunk enterprise and enterprise security?

I have to upgrade splunk enterprise (from 7.2.6 to 8.0.1 ) and enterprise security (from 5.3.0 to 6.0.0) I am followi...

by Explorer in

Splunk Enterprise security version 6 having issues

Splunk Enterprise security version 6 having issues we get the errors in incident review with the SA-Threat Intell...

by New Member in

how to create incident from an triggered alert

Hi, I'm trying to create a alert action to create a incident when any alert gets triggered. Whats the best way to...

by Explorer in

How to control Report time range

I have some saved Splunk reports. I am calling these reports every hour by JAVA API call. If any hour due to some iss...

by Communicator in

ERROR X509 - X509 certificate alternate namedid not match any allowed names

Hi All, I have this issue that device is not logging to splunk. When I checked the splunkd.log I have found this e...

by New Member in

Where to install Phantom Remote Search

Does the Phantom Remote Search app get installed on my Enterprise Security Search Head, a HEC server, or another serv...

by Explorer in

Free Courses for government personnel?

Does Splunk offer any additional courses for government personnel? Kind Regards, Mike

by New Member in

Splunk Enterprise Security Threat Intelligence does not have field "Organization"

From my threat intel source, we tried to forward the intelligence source to Splunk ES-> Threat Intelligence The ra...

by Engager in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Find anomalous network traffic of a user

Splunk sizing and timing

How to extract fields from csv file?

Release notes

Restore SCV

Customize report

Issue with CIM Mapping for ES

Mapping field values to allowed valued for Enterprise Security (CIM Data Models)

the differences between "es_notable_events" and "incident_review_lookup"

Is it possible to add an option to a Dashboard to select the search mode?

No new alerts in notable index, where I can start troubleshouting

Windows TA not Parsing "Error_Code" from 4776 Logs

Slpunk DB connect APP

A Necessity of use cases related to Nessus and Windows.

CIM compliance of data from two different sources

Feature Request: restrict the KPIs of a glass table in ES on refresh interval

Splunk business questions

How to upgrade splunk enterprise and enterprise security?

Splunk Enterprise security version 6 having issues

how to create incident from an triggered alert

How to control Report time range

ERROR X509 - X509 certificate alternate namedid not match any allowed names

Where to install Phantom Remote Search

Free Courses for government personnel?

Splunk Enterprise Security Threat Intelligence does not have field "Organization"

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

How to handle Defender Incidents/Alerts with ES No...

Splunk Enterprise Security API support for update ...

Clarification on UBA Capability in Splunk Enterpri...

Findings Comments

Sendalert risk does not populate source_guid / sou...

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions