Splunk Enterprise Security

Community Activity
anil_ec21
Dear Splunk Experts, I have very little experience on Splunk, need your help with my search. I have a lookup with...
by anil_ec21 Explorer in Splunk Enterprise Security 01-08-2020
0 3
celdridge1988
Hi All, First post on here. Hopefully this makes sense and isn't overly convoluted. So, I have a datamodel correlati...
by celdridge1988 Engager in Splunk Enterprise Security 01-08-2020
0 3
crisp023
I've tried a few different things but they don't appear to be working. I have a log that gives out the last day and ...
by crisp023 New Member in Splunk Enterprise Security 01-08-2020
0 1
seankoniarz
Is it possible to remove the health warnings for certain users/roles from the top splunk bar? We have an error that w...
by seankoniarz Explorer in Splunk Enterprise Security 01-07-2020
0 2
crisp023
I am trying to run a search to locate specific missing software. I'm hitting a roadblock. I don't want to have to p...
by crisp023 New Member in Splunk Enterprise Security 01-07-2020
0 2
balbano_cfg
I am currently trying to ingest logs from one of our critical apps to Splunk Cloud. In working with my dev team, it a...
by balbano_cfg Observer in Splunk Enterprise Security 01-07-2020
0 0
crisp023
I am trying to build a use case for files that have a double file extension since these can often be the source of ma...
by crisp023 New Member in Splunk Enterprise Security 01-07-2020
0 4
simon_lavigne
Is there a REST API endpoint, KVStore or lookup that can be used to add advanced tags to existing content in Splu...
by simon_lavigne Path Finder in Splunk Enterprise Security 01-06-2020
0 0
richardphung
We are planning an upgrade. Our current environment: Splunk Enterprise Core - 7.1.4, Enterprise Security - 5.1.1 Splun...
by richardphung Communicator in Splunk Enterprise Security 01-06-2020
1 0
faaziz_splunk
How does Kaspersky Anti Targeted Attack integrate with Splunk? Do I need to have Splunk Enterprise Security to be de...
by faaziz_splunk Splunk Employee in Splunk Enterprise Security 01-05-2020
0 0
nabeel652
I have a custom lookup on my ES search-head. I have added it to managed lookups and it shows up fine in the Content Ma...
by nabeel652 Builder in Splunk Enterprise Security 01-04-2020
0 2
phani123455
Have some security issues to connect through public end point from splunk-add-on for microsoft cloud service. I have ...
by phani123455 New Member in Splunk Enterprise Security 01-03-2020
0 0
rclifford
Hi Forum, I am in the process of cleaning up some old rules on our Palo Altos. The custom search function in the f...
by rclifford New Member in Splunk Enterprise Security 01-03-2020
0 1
saidshow
We have a number of alerts in Splunk ES that are triggered by our external scanner. We want to be able to exclude our...
by saidshow Explorer in Splunk Enterprise Security 01-02-2020
0 6
trojan_81
Hello, When I'm looking at an event, there is a TIME field to the left column and then the actual event has its own...
by trojan_81 Path Finder in Splunk Enterprise Security 01-02-2020
0 8
edhealea
We have the SecKit Windows Assets Add-on for Splunk Enterprise Security and the SecKit SA IDM Common install on our c...
by edhealea Path Finder in Splunk Enterprise Security 01-02-2020
0 2
VijaySrrie
Hi, How to create custom correlation search in ES app. For eg: Traffic to suspicious country
by VijaySrrie Builder in Splunk Enterprise Security 01-02-2020
0 2
vikram1583
Can you see if these events can fit into the Malware data model LogName=Application SourceName=Trend Micro OfficeScan...
by vikram1583 Explorer in Splunk Enterprise Security 01-02-2020
0 2
lmjoin
Hello Team, I am confused about SA, DA or TA as given in doc. "Splunk Enterprise Security The Splunk Enterprise ...
by lmjoin Explorer in Splunk Enterprise Security 01-02-2020
0 1
airalee
Hello All, Is there a way to create multiple fields from a single field separated by commas? But the number of valu...
by airalee New Member in Splunk Enterprise Security 01-02-2020
0 4
infosec_kicb
Hi guys, Nothing comes to mind. How to get a list of users in operating systems using splunk forwarder?
by infosec_kicb New Member in Splunk Enterprise Security 12-31-2019
0 1
pbankar
I have a CSV file that has some data at the start of the file and in end. Like: ----BEGIN_RESPONSE_BODY_CSV "Date",...
by pbankar Path Finder in Splunk Enterprise Security 12-30-2019
0 5
oeurnchan
How can I use the client to exploit ransomware or virus? In case I need to test from client PC
by oeurnchan New Member in Splunk Enterprise Security 12-29-2019
0 3
modernjameschen
Hello everyone, I am a rookie. I use Splunk for Linux. I tried running pingstatus command on Splunk but I don’t know i...
by modernjameschen Loves-to-Learn Everything in Splunk Enterprise Security 12-28-2019
0 28
archme
We are currently running the seckit for aws asset, which runs on a schedule to create the aws assets lookup table. Now, for the elb...
by archme Explorer in Splunk Enterprise Security 12-27-2019
0 0