Splunk Enterprise Security

Discussions

Thread Info

BlueCoat ThreatPulse -- Does anyone have experience logging data from ThreatPulse?

Greetings - I'm using BlueCoat ThreatPulse as a web filter ('cloud' based). The only method to pull their logs is vi...

by Engager in

Do we have an app/add-on for citrix netscaler load balancer for splunk 7.0 above versions . otherwise will the current version will support the 7.0 and above

Do we have an app/add-on for citrix netscaler load balancer for splunk 7.0 above versions . otherwise will the curren...

by New Member in

HPE Aruba ClearPass App for Splunk Enterprise: How to configure the app for my Splunk instance?

I have a Splunk instance with a Search Head (SH) and two load balanced Indexers. There are two Heavy Forwarders (HF) ...

by Communicator in

ThreatQuotient Integration With Splunk ES App

Hello All, I am currently working on integration of Threatquotient feed to Splunk. I am successful in getting ...

by Engager in

Add Adaptive Response fields to Notable Event

I've done quite a bit of research on this top and I've found this post from a few years ago which references George S...

by Path Finder in

What is the purpose of the `useother` macro

Looking at some of the built in dashboards in Enterprise Security, there is a macro named useother | tstats count ...

by Path Finder in

How Do I Map Splunk Security Content to MITRE ATT&CK?

I would like to map the Splunk Security Content from Enterprise Security (ES), Enterprise Security Content Update (ES...

by Splunk Employee in

Splunk Azure Deployment questions

Hey All, We are researching a potential Splunk deployment to the Azure cloud but had a few questions. In the do...

by Builder in

Does the Splunk Enterprise Security license expire?

How does the Splunk enterprise security expire? Is it related to the license? My client is asking - if Enterprise ...

by Builder in

Splunk Enterprise Security App Integration with Ticketing / Incident Response System

We recently emailed Splunk with some questions regarding the integration of Splunk Enterprise Security App into a tic...

by Explorer in

map_notable_fields in ES bug ?

Hi guys I have this search: | datamodel "Malware" "Malware_Attacks" search | `drop_dm_object_name(Malware_Attac...

by Path Finder in

Can you help us migrate Splunk Enterprise to Splunk Cloud?

Hi Team, Recently, we have purchased Splunk Cloud for our organization. And currently we have all of our setup in...

by Path Finder in

metatada from index manipulation with aliases

I wanted to use the metadata command to monitor the last time an IDS sensor fed in our index. Because we are using fi...

by Engager in

Where I can find Interactive dashboard example for SOC/NOC ?

I have seen splunk dashboard example but not find to interactive for my case.please suggest me some good example for ...

by Explorer in

How to integrate Symantec Control Compliance Suite with Splunk ?

How to integrate Symantec Control Compliance Suite with Splunk ? Has anyone done this before and how.

by Communicator in

Enterprise Security script exited abnormally status="exited with code 3"

hi gents, we are getting the following error in our search heads. any ideas about what can be happening? I already...

by Builder in

In Splunk Enterprise Security, can you help me with my Use Cases set up?

I want to set up a use case in Splunk, and I am new in this application Logon failures for a user ID during a...

by New Member in

Configuring Notable event

I am trying to create a notable event I am writing a query (index=****** EventCode=4771) in search App and then click...

by New Member in

In Splunk Enterprise Security, how do you go about keeping historical data on a cron job alert that alerts on new Information?

I am pulling information from a search that I need to keep but update on top of. For example, my search is findin...

by New Member in

Help with Splunk Enterprise Security IP threat intelligence lookup

Hello Splunkers, I want to create my own saved search in Splunk Enterprise Security working on IP threat intellige...

by New Member in

Splunk Enterprise Security

Discussions

BlueCoat ThreatPulse -- Does anyone have experience logging data from ThreatPulse?

Do we have an app/add-on for citrix netscaler load balancer for splunk 7.0 above versions . otherwise will the current version will support the 7.0 and above

HPE Aruba ClearPass App for Splunk Enterprise: How to configure the app for my Splunk instance?

ThreatQuotient Integration With Splunk ES App

Add Adaptive Response fields to Notable Event

What is the purpose of the `useother` macro

How Do I Map Splunk Security Content to MITRE ATT&CK?

Splunk Azure Deployment questions

Does the Splunk Enterprise Security license expire?

Splunk Enterprise Security App Integration with Ticketing / Incident Response System

map_notable_fields in ES bug ?

Can you help us migrate Splunk Enterprise to Splunk Cloud?

metatada from index manipulation with aliases

Where I can find Interactive dashboard example for SOC/NOC ?

How to integrate Symantec Control Compliance Suite with Splunk ?

Enterprise Security script exited abnormally status="exited with code 3"

In Splunk Enterprise Security, can you help me with my Use Cases set up?

Configuring Notable event

In Splunk Enterprise Security, how do you go about keeping historical data on a cron job alert that alerts on new Information?

Help with Splunk Enterprise Security IP threat intelligence lookup

Inconsistent Splunk ES User Lookups (Incident Revi...

Analytic Story Execution ASX - Proxy support

Splunk App and Add-on for Amazon Web Services: Log...

Splunk Security Essentials not showing ESCU conten...

Threat intelligence framework