Splunk Enterprise Security

Discussions

Thread Info

Splunk SIEM Application

Hi All, We are using Splunk Enterprise, During server cleaning, We found out that Splunk Enterprise security is a...

by Path Finder in

Keep specific events and discard the rest

Hello I want to index the events in the firewalls log based in the alert level and the virtual domain in witch they h...

by New Member in

Update default/props.conf with TA-eStreamer

Hello @douglashurd - Could you pls review default/props.conf as its reusing same name [FIELDALIAS-eStreamer_category]...

by SplunkTrust in

Threat Intelligence feeds

Hi, I upload custom threat intelligence file named customthreat containing file_name, description,url the threat a...

by Communicator in

Threat intel not being added

Ever since the upgrade to ES 5.3.0 the ip_intel lookup doesn't seem to be getting filled anymore and there aren't any...

by Path Finder in

In incident review tab analyst comments getting truncated

when we are adding comments to notable it get indexed but some times the comment is getting truncated.

by Loves-to-Learn Everything in

Is there a way to create custom use case categories within ES?

Hello, Is there a way to create custom use case categories within the use case library for ES? The out-of-the-box ...

by Explorer in

Adding to 'Additional Fields' In Incident Review

Hi, I'm trying to see if there's a way to add additional/custom fields in Incident Review. Is there much room f...

by Explorer in

ES: How to edit "Description" under Incident Review?

Hi, My folks from cybersecurity wishes to display the epoch time under Description to human readable time. I can't...

by Contributor in

Splunk ES Adaptive Response Actions not populating.

while Editing the correlation search Adaptive Response Actions dropdown is not populating which has notable event act...

by Loves-to-Learn Everything in

ess_admin role issues

Hello, I have a splunk cloud managed deployment which has ES installed on it. First thing is that my user has on...

by Communicator in

Single value delta in glass tables ES showing up as N/A but drilling down shows results

I'm having an issue where building a glass table in ES for a single value delta ad-hoc search is showing up as N/A, b...

by Explorer in

How to install UF on servers that installed from an Image server?

Hi, We have a Citrix farm used for browsing by our Call center agents. The Terminal servers are reinstalled autom...

by Path Finder in

Performaing a secondary search based on the results of the conditional base search when creating custom Dashboards.

I have a drop-down menu with all of the rule names that appear in the events. Some of those have been mapped in a loo...

by Explorer in

Why does the search specifies a macro 'fidelis_get_xps_event' cannot be found?

In our environment we have 3 separate non-distributed search heads and a 3-clustered indexers. When I try running the...

by Engager in

Is it possible to optimize hyperparameters in MLTK?

Hi I am using MLTK for anomaly detection. So I am benchmarking algorithms. I was wondering if it is possible to op...

by Communicator in

Is it possible to count the number of values in a field by another field without stats?

I have a search where I am trying to determine if a sender is a threat based on several different events that are add...

by Explorer in

When I integrate with nessus I get [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed"

When I integrate with nessus I get [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed" I did the below but...

by New Member in

creating an index accessible to only one Splunk role .

I want to create an index which will have sensitive data and want it to be accessible by only admin team and security...

by Explorer in

Why am I unable to save correlation searches through Splunk Enterprise Security in the context of any custom app?

I cannot save correlation searches through Splunk Enterprise Security in the context of any custom app. After going t...

by Engager in

Splunk Enterprise Security

Discussions

Splunk SIEM Application

Keep specific events and discard the rest

Update default/props.conf with TA-eStreamer

Threat Intelligence feeds

Threat intel not being added

In incident review tab analyst comments getting truncated

Is there a way to create custom use case categories within ES?

Adding to 'Additional Fields' In Incident Review

ES: How to edit "Description" under Incident Review?

Splunk ES Adaptive Response Actions not populating.

ess_admin role issues

Single value delta in glass tables ES showing up as N/A but drilling down shows results

How to install UF on servers that installed from an Image server?

Performaing a secondary search based on the results of the conditional base search when creating custom Dashboards.

Why does the search specifies a macro 'fidelis_get_xps_event' cannot be found?

Is it possible to optimize hyperparameters in MLTK?

Is it possible to count the number of values in a field by another field without stats?

When I integrate with nessus I get [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed"

creating an index accessible to only one Splunk role .

Why am I unable to save correlation searches through Splunk Enterprise Security in the context of any custom app?

Security Essentials / MITRE ATT&CK

Parsing the "_raw" field of Splunk Python SDK resu...

Missed macro ec2_excessive_terminateinstances_mltk...

MITRE-ATTACK latest threat list can not be downloa...

Failing to add Threat Intelligence Feed to Splunk ...