Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Error installing Splunk Security Essentials

Hi all, I am trying to install Splunk Security Essentials into a single instance of Splunk with a downloaded file ...

by Explorer in

How to configure Splunk Enterprise Security drill-down earliest offset?

Hi, I'm trying to configure Drill-down Earliest Offset in my Notable from Adaptive Response Action. I'd like to...

by Path Finder in

Splunk ES taxii feed - AlienVault OTX config

Hi everyone, Am having issues with the configuration of the AlienVault OTX feed in Splunk ES and would appreciate a...

by Explorer in

How to make secure cookies in Splunk by setting Secure, SameSite, HTTPOnly Attributes?

Hi everyone, Can you please help us to make the Secure cookies by doing below things. Setting HTTPOnly Flag to spl...

by Explorer in

Traffic Search function

I've seen someone use this traffic search function but can't find it myself: How can I access this traffic s...

by Engager in

Documentation for SA-AccessProtection / DA-ESS-AccessProtection

Greetings, I found some useful savedsearches under SA-AccessProtection / DA-ESS-AccessProtection, which I am intere...

by Path Finder in

How to Format Dates in Splunk Email Reports for Improved Readability

I'm trying to resolve an issue where Splunk sends email reports, but the information exported as an attachment uses a...

by Loves-to-Learn Lots in

Autolookup

How to fix"Could not load lookup=LOOKUP-autolookup_prices"

by New Member in

Multi-Select in HTML for Alert Action does not return anything and does not show up in payload passed to python script

I am using the following html for my alert action data entry screen. The tenant mulit-select does not show up in the...

by New Member in

Where are Noteable Event Suppressions stored in Splunk?

In Enterprise Security, you can configure Notable Event Suppressions. When adding/editing a suppression, which file e...

by Builder in

For Enterprise Security, Threat Intelligence Management - What is the correct content of a STIX file?

We are trying to ingest a STIX file into the Threat Intelligence Management, the STIX parses, but does not find anyth...

by Explorer in

Search by id does not work in Incident Review

When running a search on the Incident Review dashboard where the search term is the <event_id> value or event_id="<ev...

by New Member in

URL Next step for notable

Hi everyone!Is it possible to pass a parameter from search to the next "action|url" step? Like in description: $resul...

by Explorer in

Enterprise Security app

We have a cluster with two search heads and two indexers. We need to install the Enterprise Security app on the searc...

by Path Finder in

After Updating to 9.2.2, ESS has stopped creating notables (ESS ver. 7.2.0)

Hi, We were using Splunk Enterprise (8.2.5) and ESS (7.2.0) on Debian 12. Everything was working fine until I upgra...

by Loves-to-Learn Everything in

How to calculate MTTD in ES

Hello Splunk ES experts , I want to make a query which will produce MTTD (something like by analyzing the time di...

by Builder in

Send Notable event _id to soar with notable alert

Salam guysI wrote the Correlation Search Query and added the Adaptive Response Actions (notable, risk analysis and se...

by Explorer in

Palo log issue

Hi all, I'm having issues comparing user field in Palo Alto traffic logs vs last user reported by Crowdstrike/Windo...

by Observer in

Splunkbase app download via command line

Hi All, I need to download and install below app via command linehttps://splunkbase.splunk.com/app/263Please help m...

by Builder in

Setting Up Splunk Universal Forwarder to Monitor and Analyze .evtx Files

Hello Splunk Community, I have .evtx files from several devices, and I would like to analyze them using Splunk ...

by Path Finder in

How to pass field value to custom alert action?

Hi! I'm creating custom alert action. I can use my alert action in save alert and Correlation search. But I meet a tr...

by Engager in

Match Linux log to CIM

Hi all, Has anyone had experience matching Linux audit logs to CIM before? I installed the Add-on for Unix and Li...

by Explorer in

My Correlation Search doesn't trigger to Incident Review

I Have 60 Correlation Search in Content Management Some of my Correlation Search doesn't trigger to Incident Revie...

by Contributor in

Splunk ES using the BOTSv2

Hello, I am currently working in a SOC, and I want to test rules in Splunk ES using the BOTSv2 dataset. How can I con...

by Path Finder in

Splunk Security Essentials - macro 'summariesonly_config' cannot be found

Hi, I am testing the Security Essentials App 3.8.0 in Splunk 9.0.8, and I found the same issue while trying to acti...

by Contributor in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Error installing Splunk Security Essentials

How to configure Splunk Enterprise Security drill-down earliest offset?

Splunk ES taxii feed - AlienVault OTX config

How to make secure cookies in Splunk by setting Secure, SameSite, HTTPOnly Attributes?

Traffic Search function

Documentation for SA-AccessProtection / DA-ESS-AccessProtection

How to Format Dates in Splunk Email Reports for Improved Readability

Autolookup

Multi-Select in HTML for Alert Action does not return anything and does not show up in payload passed to python script

Where are Noteable Event Suppressions stored in Splunk?

For Enterprise Security, Threat Intelligence Management - What is the correct content of a STIX file?

Search by id does not work in Incident Review

URL Next step for notable

Enterprise Security app

After Updating to 9.2.2, ESS has stopped creating notables (ESS ver. 7.2.0)

How to calculate MTTD in ES

Send Notable event _id to soar with notable alert

Palo log issue

Splunkbase app download via command line

Setting Up Splunk Universal Forwarder to Monitor and Analyze .evtx Files

How to pass field value to custom alert action?

Match Linux log to CIM

My Correlation Search doesn't trigger to Incident Review

Splunk ES using the BOTSv2

Splunk Security Essentials - macro 'summariesonly_config' cannot be found

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap

Palo Alto apps and add-ons for splunk

Dashboard PNG schedule export setting is not viewa...

Incident_updates_lookup not updating urgency and r...

Create Investigation SOAR

Correlation Search: Next Step: Ping - NSLOOKUP - R...

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions