Splunk Enterprise Security

Thread Info

Does Enterprise Security work just fine with a search head cluster?

We read someplace that ES and the SH cluster might be tricky. It is right? or ES works naturally with the SH clus...

by Motivator in

Notable Alerts are triggering late..

I have an alert with 'Notable' Alert action. While checking the notable index i could see the notables triggered by ...

by Communicator in

Mount Volume to Forwarder Container

Hello, I am trying to install the Splunk UF on a Docker container and mount the container to a specific volume. I ...

by New Member in

how to calculate time between events for the past month

Hello, I have an index for a symantec produt, and I have to write a search to alert if any of the sourcetypes doe...

by New Member in

Dashboard Link

Scenario: I have two panels in one dashboard. Panel A and Panel B. I need a system that, when i click on A only that ...

by New Member in

Symantec email gateway (Cloud) with SPLUNK (on-premise) integration

We are using Symantec email gateway (Cloud)for email filtering (inbound and outbound), We would like to integrate ema...

by New Member in

How to list values using tstats in Splunk ES

Hi, I am using below search query which list's out the sequence of login using standard querying. What the below q...

by Communicator in

Splunk Query related

I've written below query, index=* sourcetype=* EventCode=* | rex field=_raw "((Process Command Line:\t)(?(.+)*))" ...

by New Member in

Splunk Enterprise Security: How to set a custom risk score based on stats results?

I would like to set a custom risk score based on the number of failed authentication attempts by a user. I created th...

by Explorer in

stix Threat Intelligence Upload

Splunkers, Once a stix formatted IOC file has been successfully uploaded via Splunk Enterprise Security "Upload Th...

by New Member in

How do I change bar chart color based on value?

I've tried: <option name="charting.fieldColors">{"Blocks_Blocked":0x006400, "Allowed_block":0xCCCC00, "Allowed":0...

by New Member in

Splunk App for Enterprise Security: How does Identity Management work?

Hello everyone, I was tasked with changing over our Identity management information in splunk since we switched ve...

by Explorer in

ES Tuning Question

Hello All, I am working on tuning the Network-Unroutable Host Activity -Rule search and we are trying to exclude o...

by Contributor in

Installing on a Clustered Splunk Enterprise

This application provides a ".spl" to install, which is perfect for "single server splunk". Since we run a cluster...

by Explorer in

Calculate Percentage of Packets

So i have a splunk query that returns the below output IP Packets 1.1.1.1 100 1.1.1.2 200 400 200 1.1.1.3 100 100 ...

by New Member in

Splunk Query

Hi, After Extracting a field using regex. I now need to compare whether that particular field contains any command...

by Explorer in

Setting up Demisto in Splunk?

I'm hosting both Demisto and Splunk ES (Both free edition) on the same network. I have added the API key for Splunk i...

by New Member in

Adaptive Response Variables

Hello, I utilize Adaptive Response quite a bit for automatically creating incident tickets and dumping all of the ...

by Path Finder in

Enterprise Security: Why can’t we see the bunit field, that should be part of the Asset and Identity framework?

We got the message that the bunit field belongs to the Asset and Identity framework and therefore should appear in th...

by Motivator in

How can I setup alerts when there are any additions on an Active Directory Group and when local administrative accounts are created?

Alert when - Additions to critical Active Directory groups such as Domain Admins, Enterprise Admins, Key Management G...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

Does Enterprise Security work just fine with a search head cluster?

Notable Alerts are triggering late..

Mount Volume to Forwarder Container

how to calculate time between events for the past month

Dashboard Link

Symantec email gateway (Cloud) with SPLUNK (on-premise) integration

How to list values using tstats in Splunk ES

Splunk Query related

Splunk Enterprise Security: How to set a custom risk score based on stats results?

stix Threat Intelligence Upload

How do I change bar chart color based on value?

Splunk App for Enterprise Security: How does Identity Management work?

ES Tuning Question

Installing on a Clustered Splunk Enterprise

Calculate Percentage of Packets

Splunk Query

Setting up Demisto in Splunk?

Adaptive Response Variables

Enterprise Security: Why can’t we see the bunit field, that should be part of the Asset and Identity framework?

How can I setup alerts when there are any additions on an Active Directory Group and when local administrative accounts are created?

Help with a search to check recent activity and set alert

SAP hybris integration

ES License Question

Heavy Forwarder Configuration Query

Phantom: "Run Playbook in Phantom" Servers not being listed as Options

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions