Splunk Enterprise Security

Community Activity

Hi, I am using the below search query which lists out the sequence of login using standard querying. What the below que...
by ashish9433 Communicator in Splunk Enterprise Security 11-21-2019
0 4

I've written the below query, index=* sourcetype=* EventCode=* | rex field=_raw "((Process Command Line:\t)(?(.+)*))" |...
by rupesh67nikam New Member in Splunk Enterprise Security 11-21-2019
0 3

I would like to set a custom risk score based on the number of failed authentication attempts by a user. I created t...
by stevenjluke Explorer in Splunk Enterprise Security 11-20-2019
0 2

Splunkers, once a STIX-formatted IOC file has been successfully uploaded via Splunk Enterprise Security "Upload Thre...
by tmwhitm New Member in Splunk Enterprise Security 11-20-2019
0 1

I've tried: <option name="charting.fieldColors">{"Blocks_Blocked":0x006400, "Allowed_block":0xCCCC00, "Allowed":0x...
by ESPrioleau New Member in Splunk Enterprise Security 11-20-2019
0 0

Hello everyone, I was tasked with changing over our Identity management information in Splunk since we switched vend...
by smlrwd Explorer in Splunk Enterprise Security 11-20-2019
1 10

Hello All, I am working on tuning the Network-Unroutable Host Activity -Rule search and we are trying to exclude our...
by edwardrose Contributor in Splunk Enterprise Security 11-20-2019
0 0

This application provides a ".spl" to install, which is perfect for "single server Splunk". Since we run a clustered...
by cascompany Explorer in Splunk Enterprise Security 11-20-2019
0 3

So I have a Splunk query that returns the below output IP Packets 1.1.1.1 100 1.1.1.2 ...
by abhik1501 New Member in Splunk Enterprise Security 11-20-2019
0 1

Hi, after extracting a field using regex, I now need to compare whether that particular field contains any command ....
by rupeshn Explorer in Splunk Enterprise Security 11-20-2019
0 4

I'm hosting both Demisto and Splunk ES (both free edition) on the same network. I have added the API key for Splunk i...
by cltqchevron New Member in Splunk Enterprise Security 11-20-2019
0 0

Hello, I utilize Adaptive Response quite a bit for automatically creating incident tickets and dumping all of the re...
by ericl42 Path Finder in Splunk Enterprise Security 11-19-2019
0 1

We got the message that the bunit field belongs to the Asset and Identity framework and therefore should appear in th...
by danielbb Motivator in Splunk Enterprise Security 11-19-2019
0 1

Alert when - Additions to critical Active Directory groups such as Domain Admins, Enterprise Admins, Key Management G...
by kappalkamal New Member in Splunk Enterprise Security 11-18-2019
0 1

Hi, I would like to make sure I got this correct and I can't seem to find the answer anywhere. I added the whole sear...
by tassetjn Engager in Splunk Enterprise Security 11-18-2019
0 2

Hello experts, I am in the process of integrating SAP Hybris with Splunk for monitoring. If someone has done this inte...
by bbiswabhusan Explorer in Splunk Enterprise Security 11-18-2019
0 2

Hi! In our company we have Splunk "Enterprise Term License - No Enforcement (6.5)" and we have ES in this license. In...
by nklimov Engager in Splunk Enterprise Security 11-18-2019
0 3

Hi All, I have inherited Splunk Enterprise in my company which includes 3 Indexers, 2 Search Heads and each Deploymen...
by spodda01da Path Finder in Splunk Enterprise Security 11-18-2019
0 2

In Splunk ES, under the alert actions for saved searches, there are 2 options for sending alerts to Phantom. Send t...
by jamolson Path Finder in Splunk Enterprise Security 11-17-2019
0 2

All of my searches are returning visitor_type =1 for all domains that I run ipreputation on. An example is 125.7.102...
by browncardigan Path Finder in Splunk Enterprise Security 11-17-2019
0 0

I have an asset list. The owner changed for several assets. Now I just want to change the owner name against specific...
by riqbal47010 Path Finder in Splunk Enterprise Security 11-17-2019
0 6

When we first got Splunk ES, one of my colleagues decided to try adding in IOCs from the Mandiant APT1 report. These...
by PT088 Engager in Splunk Enterprise Security 11-16-2019
0 4

I am working with winevent logs for failed logons (Event 4625) and I have a log that has null/blank values for Accoun...
by HunterJD New Member in Splunk Enterprise Security 11-16-2019
0 2

Hello, we are planning to buy Recorded Future for my organization to integrate with Splunk ES. We have small Infra...
by satyaallaparthi Communicator in Splunk Enterprise Security 11-15-2019
0 1

I have licences for Splunk Enterprise Security. So I tried to upload Splunk App for Enterprise Security but I get er...
by hamedha Engager in Splunk Enterprise Security 11-15-2019
0 7