Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Use "sendalert risk" from saved search fails

A saved search that ends with | sendalert risk param._risk_score=risk_score runs fine, but fails when run as a ...

by SplunkTrust in

Assign Risk in Correlation Search

We are trying to integrate the risk analysis framework in our incident response process. We have developed a libr...

by Communicator in

How to tune the Splunk App for Enterprise Security to prevent our web logs from being triggered as Personally Identifiable Information Detection?

Hi Everyone, I am still learning Splunk and Enterprise Security and I am working on a problem with Splunk App for ...

by Engager in

Extracting Next Steps in Splunk ES Notables

Hey All, I am still new to Splunk so apology for my ignorance, is there a way to extract "Next Steps" under Adapti...

by New Member in

Splunkbase Add on ServiceNow

When trying to connect the "Splunk Add-on for ServiceNow" I am not able to connect to the ServiceNow instance. ER...

by New Member in

Enterprise Security: Why ES Content Updates doesn’t show the Analytic Stories?

Something looks fishy with this app. No Analytic Stories are available in the app. What should we do?

by Motivator in

"Concurrent Login Attempts Detected" CS results have hostnames and IPs showing as previous_src and src

We're getting false positives on the correlated search, "Concurrent Login Attempts Detected", because the previous_sr...

by Communicator in

script (.bat) only outputs the first 9 lines - manually running command outputs 70+

I'm attempting to get DHCP lease info and as far as I can tell I need write a script to get this info (please let me ...

by Communicator in

WARN UserManagerPro - Can't find [distributedSearch] stanza in distsearch.conf, using default authtoken HTTP timeouts

I am getting this message in Splunkd.log on a universal forwarder version 6.5.2. There is no such file called dist...

by Motivator in

Splunk_TA_mimecast_for_splunk_v2-2.0.1 having error while pulling the data from mimecast. - Error -Unexpected error getting raw log data Incorrect padding

I am getting below error after integrating the mimcast app. Please help. 2018-05-20 22:30:22.569 INFO message fro...

by Explorer in

Splunk Rules: How to suppress threat activity alert into one

Hello Dears, We usually see the threat correlation alert suppressed basis on the filed specified as per snap attac...

by Path Finder in

Splunk Enterprise Security Online Sandbox

Started a trial ES sandbox (20-09-2019). Got a link. Everything was working properly till today. License is blocking ...

by Explorer in

how to integrate with splunk and alienvault ?

AlienVault Ossim App by A3SEC i just install the app and follow the document but i didnt get the dashboard same as al...

by New Member in

Does Splunk 7.2 support Onapsis for SAP integration

Hi All, Hope you are doing well. I have requirement to integrate Onapsis for SAP with Splunk. As per app doc...

by Path Finder in

Null value for urgency in incident_review lookup

Hi Splunkers, when we save\close notable events without changing the Urgency we get no any value (null) for urgenc...

by Contributor in

Splunk Enterprise Security: Dashboards not loading data

We have a indexer , heavy forwarder, 2 search head , 1 deployment server . The splunk enterprise Search head dashboar...

by New Member in

Adding field from one search to another

Hello All on Splunk Answer. I have following very simple search: *index=*proxy domain="somedomain.com" | stats ...

by New Member in

Splunk ES Duplicate of Notable Events displaying in Incident Review Dashboard

Hi Everyone, I have an issue where I am seeing am seeing duplicate notable events for a single event. So heres th...

by Path Finder in

Help with creating field extractions for map

Can you help map creating field extractions Please use the ES CIM model where possible for field names: There are...

by Explorer in

How to make second token value be based on choice made for first token

Token 1: <label>OS</label> <choice value="Windows">Windows</choice> <choice value="RedHat">RedHat</choice> ...

by Observer in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Enterprise Security

Discussions

Use "sendalert risk" from saved search fails

Assign Risk in Correlation Search

How to tune the Splunk App for Enterprise Security to prevent our web logs from being triggered as Personally Identifiable Information Detection?

Extracting Next Steps in Splunk ES Notables

Splunkbase Add on ServiceNow

Enterprise Security: Why ES Content Updates doesn’t show the Analytic Stories?

"Concurrent Login Attempts Detected" CS results have hostnames and IPs showing as previous_src and src

script (.bat) only outputs the first 9 lines - manually running command outputs 70+

WARN UserManagerPro - Can't find [distributedSearch] stanza in distsearch.conf, using default authtoken HTTP timeouts

Splunk_TA_mimecast_for_splunk_v2-2.0.1 having error while pulling the data from mimecast. - Error -Unexpected error getting raw log data Incorrect padding

Splunk Rules: How to suppress threat activity alert into one

Splunk Enterprise Security Online Sandbox

how to integrate with splunk and alienvault ?

Does Splunk 7.2 support Onapsis for SAP integration

Null value for urgency in incident_review lookup

Splunk Enterprise Security: Dashboards not loading data

Adding field from one search to another

Splunk ES Duplicate of Notable Events displaying in Incident Review Dashboard

Help with creating field extractions for map

How to make second token value be based on choice made for first token

How to put Limit on "edit Selected" option for the...

Is throttling based on trigger time? How do we dec...

What should be the source type for AWS KMS logs to...

Single Enterprise Security searchhead cluster conn...

Trying to set default disposition of a notable cor...