Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

intelligence lookup source is not working

Hi, I have a intelligence lookup file in SA-ThreatIntelligence APP. This lookup schedule content update with open so...

by New Member in

events and forwarders

Hi When i'm reviewing an EVent, is there a field that tells me if it came from a forwarder?

by Path Finder in

Enterprise Security TAs

Hello All, I am following the instructions to download the TAs so that I can install on my indexers but do not see...

by Contributor in

How to get a developer license for Splunk IT Service Intelligence or Splunk Enterprise Security?

Is there any way to get a developer license of Splunk IT Service Intelligence (ITSI) and/or Splunk Enterprise Securit...

by SplunkTrust in

Query which allows close all notables events considered as FP

Hello alll I have following question: If it is possible to create query which will change owner,status and add not...

by Path Finder in

viewing syntax of dashboards

Hello newbie question here When I log into splunk and drill into DASHBOARDS, I am presented with the list of dashb...

by Path Finder in

Additional field is not populating in ES inscident review page for the AWS cloudtail correlation search.

I have created correlation search to get the alert for the aws cloudtrail activity in enterprise security. Alert is t...

by Explorer in

Checkpoint Opsec Lea Add on Error

Hi All, I am getting the following error post configuring the opsecLEA add on my Heavy Forwarder. We are able to p...

by New Member in

How to run Splunk using python 3.7

I'm developing a Technology AddOn (TA) using Modular Input and as per the latest Splunk norms they will be deprecatin...

by Path Finder in

Enterprise Security compatibility with Splunk v7.3.3

Will ES v6.0 security components such as, content support, framework suport, shared components, integration support. ...

by New Member in

Search common url visited by multiple users

How do i make a query for proxy logs to check multiple users visiting the same links

by New Member in

How to show latest month data in Solid line and rest all months in marker point in line chart?

Hi , I have data for each month like below. For example, Data1 min Months -1 322 Jan-19 1 340 Jan-19 2 200 Jan-19...

by Explorer in

Splunk Enterprise Security: How to remove a notable event from the "Security Posture" dashboard after investigation?

I have a notable event seen in Splunk Enterprise Security's Security Posture dashboard. I have reviewed it and determ...

by Path Finder in

Sysmon query for unauthorized process

How can i detect unauthorized sysmon process of Event ID 4 and 255 using splunk query?

by New Member in

How to find LDAP accounts that have been disabled for longer then 30 days

Hi everyone. I'm new to Splunk and trying to work on a search that would return accounts in LDAP that have already b...

by New Member in

How to create regex with space delimiter field

Hello all, a regex is needed that's way above my head: I have a message field in the notable index that holds multipl...

by Explorer in

Check if Field is a Multivalue Field

Is it possible to check if a certain field is a multi-value field? I'm rewriting some old searches. They contain ...

by Explorer in

update asset list

I have asset list associated with ES. Now I want to remove the assets from the list if they are not reporing more tha...

by Path Finder in

Does Enterprise Security work just fine with a search head cluster?

We read someplace that ES and the SH cluster might be tricky. It is right? or ES works naturally with the SH clus...

by Motivator in

Notable Alerts are triggering late..

I have an alert with 'Notable' Alert action. While checking the notable index i could see the notables triggered by ...

by Communicator in

Mount Volume to Forwarder Container

Hello, I am trying to install the Splunk UF on a Docker container and mount the container to a specific volume. I ...

by New Member in

how to calculate time between events for the past month

Hello, I have an index for a symantec produt, and I have to write a search to alert if any of the sourcetypes doe...

by New Member in

Dashboard Link

Scenario: I have two panels in one dashboard. Panel A and Panel B. I need a system that, when i click on A only that ...

by New Member in

Symantec email gateway (Cloud) with SPLUNK (on-premise) integration

We are using Symantec email gateway (Cloud)for email filtering (inbound and outbound), We would like to integrate ema...

by New Member in

How to list values using tstats in Splunk ES

Hi, I am using below search query which list's out the sequence of login using standard querying. What the below q...

by Communicator in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

intelligence lookup source is not working

events and forwarders

Enterprise Security TAs

How to get a developer license for Splunk IT Service Intelligence or Splunk Enterprise Security?

Query which allows close all notables events considered as FP

viewing syntax of dashboards

Additional field is not populating in ES inscident review page for the AWS cloudtail correlation search.

Checkpoint Opsec Lea Add on Error

How to run Splunk using python 3.7

Enterprise Security compatibility with Splunk v7.3.3

Search common url visited by multiple users

How to show latest month data in Solid line and rest all months in marker point in line chart?

Splunk Enterprise Security: How to remove a notable event from the "Security Posture" dashboard after investigation?

Sysmon query for unauthorized process

How to find LDAP accounts that have been disabled for longer then 30 days

How to create regex with space delimiter field

Check if Field is a Multivalue Field

update asset list

Does Enterprise Security work just fine with a search head cluster?

Notable Alerts are triggering late..

Mount Volume to Forwarder Container

how to calculate time between events for the past month

Dashboard Link

Symantec email gateway (Cloud) with SPLUNK (on-premise) integration

How to list values using tstats in Splunk ES

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Editing the alert that is sent to PagerDuty

Is it possible to make it mandatory to assign Owne...

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...