Splunk Enterprise Security

Discussions

Thread Info

Multiple Domains

I have an SPLQ that im trying to collect all domains from a raw logs, but my regex is capturing only one domain.in a ...

by Path Finder in

Search error: that store merged asset and identity data in Splunk Enterprise Security

Hi Splunkers, we have a SH with Splunk Enterprise Security installed on it. It is a standalone instance that query so...

by Contributor in

Any use cases for darktrace

Hi, Can anybody helpme to get some use cases for darktrace. Right now I am looking only for score value.

by Path Finder in

Incident Review dashboard drilldown search not working

Hello, We have been facing a weird error suddenly, wherein our production Splunk cloud Enterprise Security Incident...

by New Member in

Correlating Carbon Black Watchlist Alerts on Splunk Enterprise Security

Hi, our company does not yet have Splunk enterprise security, but we are considering getting it. Currently, our secur...

by Engager in

Per - result Alert

I am a grad student and I recently gave a quiz on splunk. There was a true/false question. Q: Splunk Alerts can be ...

by Engager in

Throttling Notables - Do Underlying Alerts Need to be Throttled Too?

Right now I have an issue with duplicate notables. I want to make it so a notable will only re-generate if there have...

by Loves-to-Learn Lots in

How to create notable manually with selected timestamp?

| stats count | eval _time="1685158808" | eval rule_title="Test notable" | eval security_domain="N...

by Explorer in

Splunk Enterprise Security: Is it possible to implement multi-tenancy in a distributed search environment?

Hello everybody. I deployed a Splunk Enterprise Security in a distributed environment for our customer. He also h...

by Communicator in

Menu Bar Missing in Search and Reporting UI After Upgrade to 9.3.1- Splunk Enterprise

I recently upgraded Splunk Enterprise from version 9.1.0.2 to 9.3.1, and I've encountered an issue where the menu bar...

by Loves-to-Learn in

How long are asset list field values stored in the Splunk ES asset list framework?

We have different lookup inputs into the Splunk ES asset list framework. Some values for assets change over time, for...

by Builder in

Does the service now integration work as an ad hoc adaptive response?

Hi guys, I have configured my servicenow integration with splunk and it works fine, we can create notables from a...

by Explorer in

Update a notable once an incident is opened or closed in ServiceNow

Hi All,Hope you all are doing well.I am very new to Splunk Enterprise security, and i need your help to understand h...

by Explorer in

Error installing Splunk Security Essentials

Hi all, I am trying to install Splunk Security Essentials into a single instance of Splunk with a downloaded file ...

by Explorer in

How to configure Splunk Enterprise Security drill-down earliest offset?

Hi, I'm trying to configure Drill-down Earliest Offset in my Notable from Adaptive Response Action. I'd like to...

by Path Finder in

Splunk ES taxii feed - AlienVault OTX config

Hi everyone, Am having issues with the configuration of the AlienVault OTX feed in Splunk ES and would appreciate a...

by Explorer in

How to make secure cookies in Splunk by setting Secure, SameSite, HTTPOnly Attributes?

Hi everyone, Can you please help us to make the Secure cookies by doing below things. Setting HTTPOnly Flag to spl...

by Explorer in

Traffic Search function

I've seen someone use this traffic search function but can't find it myself: How can I access this traffic s...

by Engager in

Documentation for SA-AccessProtection / DA-ESS-AccessProtection

Greetings, I found some useful savedsearches under SA-AccessProtection / DA-ESS-AccessProtection, which I am intere...

by Path Finder in

How to Format Dates in Splunk Email Reports for Improved Readability

I'm trying to resolve an issue where Splunk sends email reports, but the information exported as an attachment uses a...

by Loves-to-Learn Lots in

Autolookup

How to fix"Could not load lookup=LOOKUP-autolookup_prices"

by New Member in

Multi-Select in HTML for Alert Action does not return anything and does not show up in payload passed to python script

I am using the following html for my alert action data entry screen. The tenant mulit-select does not show up in the...

by New Member in

Where are Noteable Event Suppressions stored in Splunk?

In Enterprise Security, you can configure Notable Event Suppressions. When adding/editing a suppression, which file e...

by Builder in

For Enterprise Security, Threat Intelligence Management - What is the correct content of a STIX file?

We are trying to ingest a STIX file into the Threat Intelligence Management, the STIX parses, but does not find anyth...

by Explorer in

Search by id does not work in Incident Review

When running a search on the Incident Review dashboard where the search term is the <event_id> value or event_id="<ev...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Multiple Domains

Search error: that store merged asset and identity data in Splunk Enterprise Security

Any use cases for darktrace

Incident Review dashboard drilldown search not working

Correlating Carbon Black Watchlist Alerts on Splunk Enterprise Security

Per - result Alert

Throttling Notables - Do Underlying Alerts Need to be Throttled Too?

How to create notable manually with selected timestamp?

Splunk Enterprise Security: Is it possible to implement multi-tenancy in a distributed search environment?

Menu Bar Missing in Search and Reporting UI After Upgrade to 9.3.1- Splunk Enterprise

How long are asset list field values stored in the Splunk ES asset list framework?

Does the service now integration work as an ad hoc adaptive response?

Update a notable once an incident is opened or closed in ServiceNow

Error installing Splunk Security Essentials

How to configure Splunk Enterprise Security drill-down earliest offset?

Splunk ES taxii feed - AlienVault OTX config

How to make secure cookies in Splunk by setting Secure, SameSite, HTTPOnly Attributes?

Traffic Search function

Documentation for SA-AccessProtection / DA-ESS-AccessProtection

How to Format Dates in Splunk Email Reports for Improved Readability

Autolookup

Multi-Select in HTML for Alert Action does not return anything and does not show up in payload passed to python script

Where are Noteable Event Suppressions stored in Splunk?

For Enterprise Security, Threat Intelligence Management - What is the correct content of a STIX file?

Search by id does not work in Incident Review

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Wrapping Up Cybersecurity Awareness Month

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Splunk Enterprise Security API support for update ...

Clarification on UBA Capability in Splunk Enterpri...

Findings Comments

Sendalert risk does not populate source_guid / sou...

Asset Identity Framework subnet does not match ip-...

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions