Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Splunk nobody user vs Service User

Hi All, We have an environment where the owner of all the Dashboards/Alerts is user 'nobody'. Are there any disadv...

by Explorer in

Fail on start splunk after the upgrade of Splunk Enterprise Security from v4.7.0 to 5.3.1.

After upgrade to Splunk Enterprise Security v 5.3.1, fail on startup with the following error: [root@splunk02 bin]...

by Engager in

Kaspersky security center mapping to Enterprise Security

I've recently indexed kaspersky security center 10 data in splunk, but malware center in enterprise security showed n...

by Loves-to-Learn Lots in

SPL for Correlation search in enterprise security?

index=email | transaction mid icid | stats count(recipient) as receipent_count by sender | where receipent_count>1...

by Explorer in

Rename existing correlation search Title

Hi Fellows, I need to change the title of existing correlation search which I am not able to do as the options are...

by Explorer in

Problem with threat notables on Splunk ES

Hello , We have a Splunk ES 5.1.0 application installed on Splunk Entreprise version 7.2.0. We need to collect...

by Path Finder in

MLTK: Does it support multi-output classification?

Does the MLTK support multi-output classification, i.e., more than 1 predicted field? Thank you.

by Engager in

How to compare 2 lists from 2 different searches ?

I have 2 different searches to create 2 hosts list, and I want below from splunk search: 1. Find all hosts from 1st s...

by Path Finder in

How to deploy SPL Splunk image on Linux

Dear all, I have downloaded SPL tared image at https://splunkbase.splunk.com/app/4516/ and I want to deploy it Lin...

by New Member in

SSL Medium Strength Cipher Suites Supported (SWEET32) and SSL RC4 Cipher Suites Supported (Bar Mitzvah) {CVE-2016-2183 , CVE-2013-2566,CVE-2015-2808}

We have received notice that our splunk heavy forwarder is vulnerable to CVE-2016-2183 , CVE-2013-2566,CVE-2015-2808....

by New Member in

Adding an Azure sign in field to Splunk ES authentication data model

We recently started to ingest Microsoft's Azure sign-in events and one thing I've noticed are some values from the cl...

by Influencer in

Getting started with BOTS 2.0 - need help

Hello Everyone I am curious to learn with BOTS 2.0 but need some help. I have downloaded BOTS 2.0 but unable to...

by New Member in

How to alert when a rogue/unknown device is plugged into network

Hi, I need to be alerted when a rogue/unknown device is plugged into network. Any help will be appreciated.

by Path Finder in

Defining Authorized Name Servers in ES

The ES correlation search 'DNS Query Requests Resolved by Unauthorized DNS Servers' determines if the traffic is to f...

by Explorer in

What parts of the Enterprise Security dashboard are displayed the output related to this Add-on ?

Hi Dear Friends, I installed "Splunk Add-on for Unix and Linux" and now i have a question What parts of the Enterpris...

by New Member in

Salesforce marketing cloud integration with Splunk

Hello experts, I am trying to integration salesforce cloud modules into splunk for security monitoring. Does anyne ha...

by Explorer in

How to get the difference in count of users and then trigger an alert

Hi Everyone, I have a splunk search: Search: sourcetype = onelogin:event index = onelogin earliest=-12d AND event_...

by New Member in

Splunk Enterprise security search head is not pulling logs from firewall, waf,proxy logs, MFA, sandbox, ...network resources but my other search head for apps is getting all data

Splunk Enterprise security search head is not pulling logs from firewall, waf,proxy logs, MFA, sandbox, ...network re...

by New Member in

DNS query in threat intelligence of Enterprise Security

Hi, Configured the proxy for retrieving threat intelligence in Enterprise Security and its succesfully retrieved ...

by Path Finder in

SavedSearch running as type=Inline works, type=Saved fails - why?

I setup a saved search and it is failing to run. It is throwing an error in the gui Error in 'sendalert' command: ...

by SplunkTrust in

How to add a chart that shows the average vulnerabilities per host grouped by Service

Hi, I created a vulnerability dashboard that looks like this: VulnerabilityId, Host, Service 123, HostA, Mail 2...

by New Member in

Downloaded an old snapshot created 485320 seconds ago

As part of the destructive resync that I performed on the 2 members that were out of sync, I saw the below messages o...

by Splunk Employee in

Prerequisites for Administering ES 5.2

The prerequisites for Administering ES 5.2 are vague. Is the prerequisite completing the two courses Splunk System...

by New Member in

Network Glass table

Hello Team, Please we need to create a Network Glass Table depending with our devices that sending data to splunk...

by New Member in

How do I use an eval where the final value is pulled out of a lookup file?

How do I use an eval where the final value is pulled out of a lookup file.? Trying to use the following but cant g...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk nobody user vs Service User

Fail on start splunk after the upgrade of Splunk Enterprise Security from v4.7.0 to 5.3.1.

Kaspersky security center mapping to Enterprise Security

SPL for Correlation search in enterprise security?

Rename existing correlation search Title

Problem with threat notables on Splunk ES

MLTK: Does it support multi-output classification?

How to compare 2 lists from 2 different searches ?

How to deploy SPL Splunk image on Linux

SSL Medium Strength Cipher Suites Supported (SWEET32) and SSL RC4 Cipher Suites Supported (Bar Mitzvah) {CVE-2016-2183 , CVE-2013-2566,CVE-2015-2808}

Adding an Azure sign in field to Splunk ES authentication data model

Getting started with BOTS 2.0 - need help

How to alert when a rogue/unknown device is plugged into network

Defining Authorized Name Servers in ES

What parts of the Enterprise Security dashboard are displayed the output related to this Add-on ?

Salesforce marketing cloud integration with Splunk

How to get the difference in count of users and then trigger an alert

Splunk Enterprise security search head is not pulling logs from firewall, waf,proxy logs, MFA, sandbox, ...network resources but my other search head for apps is getting all data

DNS query in threat intelligence of Enterprise Security

SavedSearch running as type=Inline works, type=Saved fails - why?

How to add a chart that shows the average vulnerabilities per host grouped by Service

Downloaded an old snapshot created 485320 seconds ago

Prerequisites for Administering ES 5.2

Network Glass table

How do I use an eval where the final value is pulled out of a lookup file?

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Explore the Latest Educational Offerings from Splunk (November Releases)

Editing the alert that is sent to PagerDuty

Is it possible to make it mandatory to assign Owne...

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...