Splunk Enterprise Security

Community Activity
phani123455
Have some security issues to connect through public end point from splunk-add-on for microsoft cloud service. I have ...
by phani123455 New Member in Splunk Enterprise Security 01-03-2020
0 0
rclifford
Hi Forum, I am in the process of cleaning up some old rules on our Palo Altos. The custom search function in the f...
by rclifford New Member in Splunk Enterprise Security 01-03-2020
0 1
saidshow
We have a number of alerts in Splunk ES that are triggered by our external scanner. We want to be able to exclude our...
by saidshow Explorer in Splunk Enterprise Security 01-02-2020
0 6
trojan_81
Hello, When I'm looking at an event, there is a TIME field to the left column and then the actual event has its own...
by trojan_81 Path Finder in Splunk Enterprise Security 01-02-2020
0 8
edhealea
We have the SecKit Windows Assets Add-on for Splunk Enterprise Security and the SecKit SA IDM Common install on our c...
by edhealea Path Finder in Splunk Enterprise Security 01-02-2020
0 2
VijaySrrie
Hi, How to create custom correlation search in ES app. For e.g.: Traffic to suspicious country
by VijaySrrie Builder in Splunk Enterprise Security 01-02-2020
0 2
vikram1583
Can you see if these events can fit into the Malware data model LogName=Application SourceName=Trend Micro OfficeScan...
by vikram1583 Explorer in Splunk Enterprise Security 01-02-2020
0 2
lmjoin
Hello Team, I am confused about SA, DA or TA as given in doc. "Splunk Enterprise Security The Splunk Enterprise ...
by lmjoin Explorer in Splunk Enterprise Security 01-02-2020
0 1
airalee
Hello All, Is there a way to create multiple fields from a single field separated by commas? But the number of valu...
by airalee New Member in Splunk Enterprise Security 01-02-2020
0 4
infosec_kicb
Hi guys, Nothing comes to mind. How to get a list of users in operating systems using splunk forwarder?
by infosec_kicb New Member in Splunk Enterprise Security 12-31-2019
0 1
pbankar
I have a CSV file that has some data at the start of the file and in end. Like: ----BEGIN_RESPONSE_BODY_CSV "Date",...
by pbankar Path Finder in Splunk Enterprise Security 12-30-2019
0 5
oeurnchan
How can I use the client to exploit ransomware or virus? In case I need to test from client PC
by oeurnchan New Member in Splunk Enterprise Security 12-29-2019
0 3
modernjameschen
Hello everyone, I am a rookie. I use Splunk for Linux. I tried running pingstatus command on Splunk, but I don’t know i...
by modernjameschen Explorer in Splunk Enterprise Security 12-28-2019
0 28
archme
We are currently running the seckit for aws asset, which runs on a schedule to create the aws assets lookup table. Now, for the elb...
by archme Explorer in Splunk Enterprise Security 12-27-2019
0 0
SplunkNewbie18
Hi, Would like to find out if there is any option to throttle correlation searches rules for notables for > 1 field ...
by SplunkNewbie18 New Member in Splunk Enterprise Security 12-26-2019
0 0
gthomas719
Was hoping someone could give me some assistance with finding changes to audit mechanisms or changes to audit/data lo...
by gthomas719 New Member in Splunk Enterprise Security 12-26-2019
0 0
asharma21193
I am trying to integrate Checkpoint running on Gaia OS version R80.20 to heavy forwarder. I am using checkpoint log e...
by asharma21193 New Member in Splunk Enterprise Security 12-25-2019
0 0
suresh456
Error in 'litsearch' command: Your Splunk license expired or you have exceeded your license limit too many times. Ren...
by suresh456 New Member in Splunk Enterprise Security 12-25-2019
0 0
swamy3131
I am new to Summary Indexing. Can you please let me know how to use summary indexing in dashboards?
by swamy3131 New Member in Splunk Enterprise Security 12-24-2019
0 2
vishnuvardhansb
Hello Everyone, We currently have the below default search from ES to alert for anomalous audit log clearance activi...
by vishnuvardhansb Explorer in Splunk Enterprise Security 12-24-2019
0 0
tbavarva
Hi All, We are using Splunk ES app in our environment and log sources are integrated to it and I am working on to mak...
by tbavarva Path Finder in Splunk Enterprise Security 12-23-2019
0 4
jacqu3sy
Is there a way to return a specific value if an event is seen between 18:00 and 07:00 the following day? I need to ...
by jacqu3sy Path Finder in Splunk Enterprise Security 12-23-2019
0 2
mteverest
Hi, I have a scheduled search in Splunk that gets forwarded to ServiceNow and I would like to include the original link...
by mteverest New Member in Splunk Enterprise Security 12-22-2019
0 0
damode
After I installed the ES app, I got the error as shown in the attached picture. On the ES upgrade page, I noticed it...
by damode Motivator in Splunk Enterprise Security 12-21-2019
0 3
vnarapuram
In Splunk Enterprise Security, I am trying to add data from a directory using 'Monitor'. Files get created in the di...
by vnarapuram Explorer in Splunk Enterprise Security 12-21-2019
0 2