Splunk Enterprise Security

Start a Conversation

Discussions

Start a Conversation

Thread Info

Splunk Add-on - multi select values in an alert action

Hi, I'm working on an add-on for Splunk. I added an alert action, and I'm adding some fields to it. How can I add ...

by New Member in

Alert triggering on an entry not in inputlookup file

Hello, i have made an alert as follow : [|inputlookup admin_groups.csv | table "query" as Group_Name ] | search E...

by Explorer in

How to whitelist events using inputlookup?

I am trying to whitelist events from a specific server using IP and hostname. I am running into 2 issues. I h...

by Path Finder in

Does a license key(or file) is required to “activate” the Splunk ES App?

Hi All, Does a license key(or file) is being required to “activate” the Splunk Enterprise Security App? Looking...

by New Member in

whether a license key is required for the ES app or not?

Hello Folks, I have a concern with one of my customer using Splunk Enterprise Security App,they mentioned the don’...

by New Member in

In Splunk Enterprise Security, how do you change a query result when a drop down option is selected within a panel?

Hi, I have four options in a drop down--- Highest,Lowest ,Top 5 and Least 5. Each option has a query: For ex...

by Explorer in

Unable to distribute to peer from search head

Hi, We are facing this issue frequently in splunk search head. Please help me. Unable to distribute to peer na...

by Path Finder in

Monitor correlation/notable/incident review Splunk ES

How can I monitor if all correlations open incidents into "Incident Reviews" in Splunk ES correctly?

by Explorer in

Do we have option in Splunk enterprise security to check the command output

We created Dashboard in Splunk enterprise security where we can see the commands status and risk score for those comm...

by Path Finder in

how do i monitor network data using netflow analyzer ?

hello, how do i monitor network data using netflow analyzer? i have installed add on of netflow analyzer.please tell ...

by Engager in

In Splunk Enterprise Security, how do you access granular audit trails for user and role changes?

I was looking for a way to view WHAT exactly was audited when someone changes a ROLE or USER (capabilities, inherited...

by Path Finder in

How to write a Splunk alert to find malicious C2 traffic using Cisco IPS logs

Guys, Any idea of writing a splunk query to find the malicious command and control traffic using Cisco IPS logs. W...

by New Member in

With Splunk Enterprise Security, I'm getting varying IP geo-location results when comparing Splunk to third-party resources — how frequent are Splunk geo cache updates?

Hi, I'm getting varied results in Splunk when I investigate an IP address' location. Splunk might say "Netherlands...

by Engager in

Splunk Enterprise Security

Discussions

Splunk Add-on - multi select values in an alert action

Alert triggering on an entry not in inputlookup file

How to whitelist events using inputlookup?

Does a license key(or file) is required to “activate” the Splunk ES App?

whether a license key is required for the ES app or not?

In Splunk Enterprise Security, how do you change a query result when a drop down option is selected within a panel?

Unable to distribute to peer from search head

Monitor correlation/notable/incident review Splunk ES

Do we have option in Splunk enterprise security to check the command output

how do i monitor network data using netflow analyzer ?

In Splunk Enterprise Security, how do you access granular audit trails for user and role changes?

How to write a Splunk alert to find malicious C2 traffic using Cisco IPS logs

With Splunk Enterprise Security, I'm getting varying IP geo-location results when comparing Splunk to third-party resources — how frequent are Splunk geo cache updates?

no expected fields in sourcetype

How to create Enterprise Security custom roles and have Notables dashboard different for each roles?

How do you pass the same token for two panels with one drop-down input?

Symantec MSS integration with Splunk for orchestration and Incident Management

Nessus Home and Splunk Add-On for Tenable

In Splunk Enterprise Security, how do you combine two searches into one query and group on a specific field?

Fortigate logs are not in CIM format

Alert setup

Email result link - Page not found

Windows & Linux and other logs are required to be...

Combine base search with LDAP search

Seeing (SSL/TLS Compression Algorithm Information ...