Splunk Enterprise Security

Discussions

Thread Info

New Security Domain

I want to add a new Security Domain called "Email" in Enterprise Security (ES) App and later map it to notables. Righ...

by Explorer in

ES Upgrade 4.7.1 to 5.2.0 (customized .xml, .json files functionality)

Hi Team, We are performing Splunk ES upgrade from 4.7.1 to 5.2.0. Post upgrade, I have few .xml, .json files that ...

by Explorer in

Custom Alerts in SPLUNK Enterprise

We have recently installed Enterprise Security and have enabled a few use cases. This was done with the guidance of S...

by Contributor in

[ES Managed Lookup] error: "An error occurred" in popup window when clicking "Stop managing"

When creating a managed lookup and the destination app is chosen to be a custom app we made (that ES inherits), it cr...

by Splunk Employee in

How do I determine why a Correlation Search isn't creating a notable event when I expected one?

I have a Correlation Search that didn't generate notable events in a couple where I think it should have. How can I d...

by Champion in

Splunk Enterprise Security: How to exclude indexes from Authentication Data Model

How to exclude some indexes from authentication data model? We have some indexes such as lastchanceindex, but eventty...

by Path Finder in

Searching notable events in ES to match user field

Folks, I'm trying to match a field (user) from a search to see if any previous notable events ES have been generated ...

by New Member in

Linux encryption

We're looking into full disk encryption and was looking in Linux full disk encryption. Any concerns you can think of?

by New Member in

Enterprise Security: How can I trace the notable events?

I created a correlation search that should have produced notable events. How can I trace these notable events?

by Motivator in

We are attempting to setup local lookup file as a threat intelligence download

( as per https://docs.splunk.com/Documentation/ES/5.3.0/Admin/Addthreatintelcustomlookup) . and are unable to use thi...

by Splunk Employee in

Problem on Changing Syslog Sourcetype

The problem is on changing syslog sourcetype into another one. I read all splunk answer about it. I am following the ...

by New Member in

How to track inbound and outbound traffic from firewall logs

Hi helpful people, I am trying to create a use case which will monitor source and destination traffic(like both co...

by Engager in

add variables into serach name

under correlation search can we add certain variables like $src$ | $dest$ into search name: actually we are sendi...

by Path Finder in

Help with regex to print the value Total_bytes_recv and Total_bytes_send from log

Log: Aug 28 17:46:20 192.168.111.14 08/28/2019:16:46:18 GMT 0-PPE-0 : default TCP OTHERCONN_DELINK 1091143 0 : Sou...

by New Member in

How to get correlation searches to trigger on older data?

We had an incident on a device that we had not had a chance to ingest logs into Splunk. That incident occurred 2 week...

by New Member in

How do I merge two searches into one, and have all the fields filled in?

I have two seperate searches that I appended together, but I only need one field out of the second search. My problem...

by New Member in

How can end user help improve overall Splunk Enterprise Security speed?

My Splunk Admin is the landlord and I'm the tenant. Let's say the landlord is dealing with personal matters and canno...

by Communicator in

Datamodel status building since long

I have Email datamodel that ships alongwith Splunk ES. It's in building status and it's accelerated too. How to troub...

by Communicator in

How to Add Workflow Search Action under notable event

From a Splunk custom App, I need to add the workflow action which should be displayed under the Actions menu for the ...

by Explorer in

Difference between Palo alto all indecent and ES notable events?

Hi Splunkers, We are getting critical incidents in Palo alto All incidents dashboard. We configured ES threat act...

by Champion in

*NEW* Splunk Love Promo!
Snag a $25 Visa Gift Card for Giving Your Review!

It's another Splunk Love Special! For a limited time, you can review one of our select Splunk products through Gartner Peer Insights and receive a $25 Visa gift card!

Review:
SOAR (f.k.a. Phantom) >>
Enterprise Security >>
Splunk Enterprise or Cloud for Security >>
Observability >>

Or Learn More in Our Blog >>

Splunk Enterprise Security

Discussions

New Security Domain

ES Upgrade 4.7.1 to 5.2.0 (customized .xml, .json files functionality)

Custom Alerts in SPLUNK Enterprise

[ES Managed Lookup] error: "An error occurred" in popup window when clicking "Stop managing"

How do I determine why a Correlation Search isn't creating a notable event when I expected one?

Splunk Enterprise Security: How to exclude indexes from Authentication Data Model

Searching notable events in ES to match user field

Linux encryption

Enterprise Security: How can I trace the notable events?

We are attempting to setup local lookup file as a threat intelligence download

Problem on Changing Syslog Sourcetype

How to track inbound and outbound traffic from firewall logs

add variables into serach name

Help with regex to print the value Total_bytes_recv and Total_bytes_send from log

How to get correlation searches to trigger on older data?

How do I merge two searches into one, and have all the fields filled in?

How can end user help improve overall Splunk Enterprise Security speed?

Datamodel status building since long

How to Add Workflow Search Action under notable event

Difference between Palo alto all indecent and ES notable events?

How to put Limit on "edit Selected" option for the...

Is throttling based on trigger time? How do we dec...

What should be the source type for AWS KMS logs to...

Single Enterprise Security searchhead cluster conn...

Trying to set default disposition of a notable cor...