Splunk Enterprise Security

Discussions

Thread Info

Can multiple search head clusters connected to the same index use port 8080?

Hello, Currently we have Single Search Head Cluster with Enterprise Security and single Indexer Cluster. As part o...

by Explorer in

Using Enterprise security

am about to register for Using Enterprise Security but i would like to make sure if am going to receive an official m...

by Explorer in

Problem with Enterprise Security Correlation Search

This Enterprise Security correlation search "Anomalous Audit Trail Activity Detected" is generating a whole bunch of ...

by Explorer in

Splunk CIM upgrade

Currently we are having Splunk CIM 4.11.0 and we would like to upgrade it to Splunk 4.13.0 (to add new Endpoint data ...

by Explorer in

Playbook Having Issues executing

Hi For some reason none of my playbooks finish executing. They simply stay in a loop Even if it is a simple tes...

by Explorer in

CIM on two separate search heads

We have two search heads: - First is used with Enterprise Security with CIM installed and acceleration enabled on som...

by Explorer in

Splunk Enterprise Security: How to view events associated to "Change - Abnormally High Number of Endpoint Changes by User - Rule" source?

Hello, i would like to see the Events associated to this source "Change - Abnormally High Number of Endpoint Chang...

by Path Finder in

Where to get official powerpoint slides for instructors on course "Using Enterprise Security"?

I am supposed to give training for this course "Using Enterprise Security", where can I get an official powerpoint s...

by Explorer in

How to configure an FS-ISAC feed in Splunk App for Enterprise Security 3.3 with a Soltra Edge server?

1st time configuring a feed in the Splunk App for Enterprise Security and I'm spinning my wheels. HELP  I have the S...

by Path Finder in

The meaning of security metrics in Glass Tables

Hi everyone, I am newbie in Splunk. Now I need do a network Diagram in Glass Tables but I don't know exactly the m...

by New Member in

Forwarding Data between Splunk ES and Phantom

I am trying to send data from Splunk ES to Phantom Version is 7.2.6 After downloading Phantom app from Splunk, ...

by Explorer in

Splunk + Crowdstrike (DnsRequest+ImageFileName join)

Hello, I got this query from Crowdstrike Documentation https[://]www[.]crowdstrike[. ]com/blog/tech-center/hunt-th...

by New Member in

How to add "open in search button" for notable events?

When viewing notable events on the Incident Review Dashboard, there is a link named Correlation Search. The link open...

by Path Finder in

What is the difference between Splunk Enterprise & Splunk Enterprise Security and which one shall I implement in my 24/7/365 monitoring SOC?

Hi all, Can anyone let me know the difference between Splunk Enterprise & Splunk Enterprise Security? Are they bot...

by Explorer in

Splunk Enterprise Security

Discussions

Can multiple search head clusters connected to the same index use port 8080?

Using Enterprise security

Problem with Enterprise Security Correlation Search

Splunk CIM upgrade

Playbook Having Issues executing

CIM on two separate search heads

Splunk Enterprise Security: How to view events associated to "Change - Abnormally High Number of Endpoint Changes by User - Rule" source?

Where to get official powerpoint slides for instructors on course "Using Enterprise Security"?

How to configure an FS-ISAC feed in Splunk App for Enterprise Security 3.3 with a Soltra Edge server?

The meaning of security metrics in Glass Tables

Forwarding Data between Splunk ES and Phantom

Splunk + Crowdstrike (DnsRequest+ImageFileName join)

How to add "open in search button" for notable events?

What is the difference between Splunk Enterprise & Splunk Enterprise Security and which one shall I implement in my 24/7/365 monitoring SOC?

Problem to use ML toolkit "apply" command in ES correlation search

How to join searches from two indexes?

Splunk Enterprise Security: How to download threat lists with a customized Authorization HTTP header?

ESS: How to check a file not showing up in threat artifacts

Splunk ES DMA - "Accelerate until maximum time"

How to create a new multivalue field based of answers field?

Missed macro ec2_excessive_terminateinstances_mltk...

MITRE-ATTACK latest threat list can not be downloa...

Failing to add Threat Intelligence Feed to Splunk ...

Inline table not showing in Correlation Search Ema...

XFE app threat intelligence in Splunk