Splunk Enterprise Security

Discussions

Thread Info

Use cases in Enterprise Secuirty

How to fetch and where to find what and all are the use cases which we have created till date in Enterprise Security ...

by Path Finder in

Cloning information and forwarding to another splunk indexer from a splunk indexer

Issue: I am attempting to get a specific index from an internal splunk setup to an external one without clustering. T...

by Explorer in

How to generate a report based on utilisation of AWS services covering cost & capacity management in Splunk?

Hi I would like some query's or a query combined into one which gives me information about the following point's ...

by New Member in

Splunk Component Reboot/Restart Detected

Hi, Is there a way to notify if any splunk components were restarted. For Example-Deployment servers, Search heads...

by New Member in

field extraction

Same sourcetype have two different patterns in that case how can I define field extractions? Because field extraction...

by Path Finder in

Where should I install Fortinet Fortigate Add-On for Splunk?

Hi All, We are using Splunk Cloud environment with One Adhoc Search Head and one Enterprise Security Search head. ...

by Path Finder in

How I can extract two diferent events in a single search

Im new in this and I need some help with this for example I need to correlate two events from linux. my first s...

by Engager in

Discarding Specific type of traffic either on forwarder or indexer fails

Discarding Specific type of traffic either on forwarder or indexer fails, I tried to discard it using blacklist on fo...

by Loves-to-Learn Lots in

Versions above 7.1 for UFMA?

The Splunkbase page says, "Splunk Versions: 7.1, 7.0, 6.6, 6.5" are supported. Perhaps this is futile, then (if so, s...

by Explorer in

Enterprise Search: What are the Recommended Fields?

The SA-cim-validator displays the recommended fields while the official documentation at Common Information Model Add...

by Motivator in

How to group similar events into one event

Hi, We have pulled logs from our Anti Virus software into splunk and are in process of trying to filter through wh...

by New Member in

Sonicwall data Enterprise Security

Hi, I integrated my firewall sonicwall using the guide for Dell Sonicwall Analytics and this applications is worki...

by Explorer in

Enterprise Security: How do we specify the proper fields for the correlated search?

When we create the correlated searches, how do we specify which fields will be visible in the notable event / inciden...

by Motivator in

SPLUNK 7.x Fundamentals Part 1&2: Where could I find the total hours for each course?

I am in the the process of gathering CEUs for my CompTIA Sec+. In order to have CompTIA give me credit for the SPLUNK...

by New Member in

MSSQL Server TA - audit events scalability over hundreds of DBs

According to https://docs.splunk.com/Documentation/AddOns/released/MSSQLServer/SQLServerconfiguration Audit events g...

by Builder in

MIL-STD-1472G Compliance

I have a Government customer asking me to provide Splunk compliance with MIL-STD-1472G. Since Splunk sells to local, ...

by New Member in

Splunk windows TA flow chart

Can some one draw a flowchart or work flow of TA works in splunk ? Need to know If Addon installed in HF/UF , inde...

by New Member in

Reassigning Ownership of all items in Splunk

We have an employee that left the company and we need to re-assign ownership to a new person. Is there a way to do a ...

by New Member in

Enterprise Security: is it a good practice to "force" certain fields to exist at the macro level?

The cim_Authentication_indexes is defined, in our case, as (index=wineventlog OR index=<linux> OR index=<rsa> OR ...)...

by Motivator in

How do I run a splunk query to find traffic activities on a specific host name

Hello, I am trying to figure out how to run a query in my splunk environment to find all the traffic activities of a ...

by New Member in

Enterprise Security : Is there a demo/video of the Incident Review section?

The team here is not satisfied with the capabilities, workflow of the Incident Review section of ES. Is there a nice ...

by Motivator in