Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to link each fired alert to respective saved search?

Hi community! I have a dashboard that shows the alerts on table and in the graph, the questions is How I can li...

by Explorer in

Why does the Notable Incident Review Status dropdown have "No Matches"?

We are in SplunkCloud with ES 7.0.0 As a user with the sc_admin or ess_admin role when selecting an incident to ed...

by Engager in

How to get SQL server logs into Splunk for Enterprise Security?

Hello, I need to put sql server logs into Splunk for Enterprise Security. Is there any add-on available? I found a...

by New Member in

How do I compare two indexes with the same value and a different field name?

i installed universal forwarder 4 machine this event log is getting my pc i want to compare my event log and univer...

by Path Finder in

How does ES compare with Chronicle Security of Google?

Is there a comparison between ES and Chronicle Security of Google? A top official here wonders about it.

by Motivator in

Phantom: When running a Splunk action why the error "Failed to acquire lock"?

Hi All, We are running an Splunk action - run query (search) on a Phantom playbook which is active on every event ...

by New Member in

RBAC for Notable events?

Hi, Imagine the role `A` has access to index=foobar, but roles 'B' and 'C' do not. Imagine Splunk Enterprise Se...

by New Member in

How can I view the source index where Splunk Enterprise Security take the event?

I need to know where i can view the source index of the event that Splunk Enterprise Security take to make an alert, ...

by New Member in

The Notable Generation doesn't produce the expected results?

Hi, I created a new Correlation Search that needs to generate notable, so in the "Adaptive Response Actions" I add...

by Explorer in

How to exclude events with same session_id - Remote Desktop Network Bruteforce?

Hello, We are trying to modify the existing query in the "Remote Desktop Network Bruteforce" correlation search pr...

by Observer in

How to remove a duplicate from a field result?

I am trying to remove duplicate from a field result: index=tenable* sourcetype="*" severity_description="*" | tabl...

by Explorer in

What is the best way to integrate Samba AD logs for user activity with Splunk Cloud?

Hi All, What is the best way to integrate Samba AD logs for user activity with Splunk Cloud?

by Observer in

How to view data from Threat intel collections?

Hello, Like any other ES user, we have threat intel feeds configured that came along with box. How can i view the ac...

by Builder in

Can I Upgrade Splunk Enterprise 8.1.0 with ES 6.0.0 installed?

Hi. I need upgrade my Splunk Cluster, my current versión is 7.3.2 and I need upgrade to 8.0.10, but we have Enter...

by Explorer in

How to make the Splunk ES Risk-Based Alerting risk threshold search case insensitive

We've starter lookin into Risk-Based Alerting (RBA) in Splunk ES, and noticed that the logic for the risk notables is...

by Builder in

What is "Malware Domains threatlist" in Splunk Enterprise Security?

Hi All, We are planning to upgrade Splunk ES from 6.2 to 7.0.1. In Release Notes of 7.0.1 deprecated features, its...

by New Member in

How to properly map windows Endpoint DataModel with Windows logs?

Hello team: i am working on Splunk Endpoint Data Model and i have windows audit logs in splunk. My concern is if i we...

by Path Finder in

AWS Splunk Usescases- What are AWS sourcetype details and which are required for security perspective?

Hi Splunkers, I will planning entegration splunk on our aws envirement but I m beginner on aws so please could you...

by Observer in

How to build SPL query for the configured storage path?

Can Someone help to build the query for below. Need to collect configured path list (coldpath/homePath / thawedPa...

by Explorer in

Why does host stop sending logs to Splunk?

Use case has been prepared with help of Splunk article https://www.splunk.com/en_us/blog/tips-and-tricks/how-to-d...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

How to link each fired alert to respective saved search?

Why does the Notable Incident Review Status dropdown have "No Matches"?

How to get SQL server logs into Splunk for Enterprise Security?

How do I compare two indexes with the same value and a different field name?

How does ES compare with Chronicle Security of Google?

Phantom: When running a Splunk action why the error "Failed to acquire lock"?

RBAC for Notable events?

How can I view the source index where Splunk Enterprise Security take the event?

The Notable Generation doesn't produce the expected results?

How to exclude events with same session_id - Remote Desktop Network Bruteforce?

How to remove a duplicate from a field result?

What is the best way to integrate Samba AD logs for user activity with Splunk Cloud?

How to view data from Threat intel collections?

Can I Upgrade Splunk Enterprise 8.1.0 with ES 6.0.0 installed?

How to make the Splunk ES Risk-Based Alerting risk threshold search case insensitive

What is "Malware Domains threatlist" in Splunk Enterprise Security?

How to properly map windows Endpoint DataModel with Windows logs?

AWS Splunk Usescases- What are AWS sourcetype details and which are required for security perspective?

How to build SPL query for the configured storage path?

Why does host stop sending logs to Splunk?

The Splunk Success Framework: Your Guide to Successful Splunk Implementations

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Why is multisearch stopping after first result?

Anyone have a search for meant time to triage for ...

How to create Splunk alert to detect unauthorized ...

Is there customization required for Salesforce int...

How do I stop Multiple Analysts from grabbing the ...