Splunk Enterprise Security

Community Activity
vikram1583
Can you see if these events can fit into the Malware data model LogName=Application SourceName=Trend Micro OfficeScan...
by vikram1583 Explorer in Splunk Enterprise Security 01-02-2020
0 2
lmjoin
Hello Team, I am confused about SA, DA or TA as given in doc. "Splunk Enterprise Security The Splunk Enterprise ...
by lmjoin Explorer in Splunk Enterprise Security 01-02-2020
0 1
airalee
Hello All, Is there a way to create multiple fields from a single field separated by commas? But the number of valu...
by airalee New Member in Splunk Enterprise Security 01-02-2020
0 4
infosec_kicb
Hi guys, Nothing comes to mind. How to get a list of users in operating systems using splunk forwarder?
by infosec_kicb New Member in Splunk Enterprise Security 12-31-2019
0 1
pbankar
I have a CSV file that has some data at the start of the file and in end. Like: ----BEGIN_RESPONSE_BODY_CSV "Date",...
by pbankar Path Finder in Splunk Enterprise Security 12-30-2019
0 5
oeurnchan
How can I use the client to exploit ransomware or virus? In case I need to test from client PC
by oeurnchan New Member in Splunk Enterprise Security 12-29-2019
0 3
modernjameschen
Hello everyone, I am a Rookie, I use splunk for linux, I tried running pingstatus command on splunk But I don’t know i...
by modernjameschen Loves-to-Learn Everything in Splunk Enterprise Security 12-28-2019
0 28
archme
We are currently running the seckit for aws asset runs scheduled to create aws assets lookup table. Now, for the elb...
by archme Explorer in Splunk Enterprise Security 12-27-2019
0 0
SplunkNewbie18
Hi, Would like to find out if there is any option to throttle correlation searches rules for notables for > 1 field ...
by SplunkNewbie18 New Member in Splunk Enterprise Security 12-26-2019
0 0
gthomas719
Was hoping someone could give me some assistance with finding changes to audit mechanisms or changes to audit/data lo...
by gthomas719 New Member in Splunk Enterprise Security 12-26-2019
0 0
asharma21193
I am trying to integrate Checkpoint running on Gaia OS version R80.20 to heavy forwarder. I am using checkpoint log e...
by asharma21193 New Member in Splunk Enterprise Security 12-25-2019
0 0
suresh456
Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times. Ren...
by suresh456 New Member in Splunk Enterprise Security 12-25-2019
0 0
swamy3131
I am new to Summary Indexing. Can you please let me know how to use summary indexing in dashboards?
by swamy3131 New Member in Splunk Enterprise Security 12-24-2019
0 2
vishnuvardhansb
Hello Everyone, We currently have the below default search from ES to alert for anomalous audit log clearance activi...
by vishnuvardhansb Explorer in Splunk Enterprise Security 12-24-2019
0 0
tbavarva
Hi All, We are using Splunk ES app in our environment and log sources are integrated to it and I am working on to mak...
by tbavarva Path Finder in Splunk Enterprise Security 12-23-2019
0 4
jacqu3sy
Is there a way to return a specific value if an event is seen between 18:00 and 07:00 the following day? I need to ...
by jacqu3sy Path Finder in Splunk Enterprise Security 12-23-2019
0 2
mteverest
Hi, I have a scheduled search in Splunk that gets forwarded to ServiceNow and I would like to include the original link...
by mteverest New Member in Splunk Enterprise Security 12-22-2019
0 0
damode
After I installed the ES app, I got the error as shown in the attached picture. On the ES upgrade page, I noticed it...
by damode Motivator in Splunk Enterprise Security 12-21-2019
0 3
vnarapuram
In splunk enterprise security, I am trying to add data from a directory using 'Monitor'. Files get created in the di...
by vnarapuram Explorer in Splunk Enterprise Security 12-21-2019
0 2
mlozano09
Sorry, I am fairly new to Splunk and not sure how to go about getting my search to work so I apologize if I am using t...
by mlozano09 Engager in Splunk Enterprise Security 12-20-2019
0 1
justinw
There have been questions similar to this in the past, and none of the fixes listed have fixed my issue. The created ...
by justinw Explorer in Splunk Enterprise Security 12-20-2019
1 5
typicallywrecke
Hello all, thanks for taking the time to read this post. I am writing today about an issue we seem to be having with ...
by typicallywrecke Engager in Splunk Enterprise Security 12-18-2019
0 5
ericl42
I've been using AR rules within notables for about a year now and I've had quite a bit of success with it. Previously...
by ericl42 Path Finder in Splunk Enterprise Security 12-18-2019
0 2
giventofly08
Currently, my stats command is done by both the Computer Field and the Group field. This allows me to create an eval ...
by giventofly08 Explorer in Splunk Enterprise Security 12-18-2019
0 2
damode
Every time after splunk startup, I get the following message, Invalid key in stanza [identityLookup] in /opt/splunk/e...
by damode Motivator in Splunk Enterprise Security 12-17-2019
0 0