Splunk Enterprise Security

Discussions

Thread Info

Incident Review Dashboard Issue for a User

Hi Team, We have a separate ES- Splunk Cloud for our organisation. So in which we have provided access via SAML...

by Path Finder in

Reverse engineering an enterprise security correlation search

I am doing a deep dive to understand the internals of a correlation search within ES so that I can justify creating n...

by Path Finder in

Enterprise Security: who can assign incidents?

I wonder who within Incident Review can assign incidents to the group members? Does anybody can assign them?

by Motivator in

Extracting SHA256 field

Hello, I am trying to extract fields using Splunk field extractor and I reached a point where I got the following ...

by New Member in

Correlation search: email notification subject line

Dear Helpful bloggers, morning I have question on rule action: While setting Adaptive Response Actions for Correal...

by Path Finder in

input lookup file to search email traffic

Hi, I am new to Splunk. I have an input lookup file with some high risk internal email addresses in it . I want...

by New Member in

Manually create a notable event with a pre-determined timestamp

I am trying to manually create 500 new notable events that all have the same timestamp. I have not been able to find ...

by Explorer in

ES search head notable events for zscaler have signature "None"

Hi All, We're getting a number of notable events through originating from zscaler that have a signature of "None"....

by New Member in

Enterprise security engineering tasks

Hi in my company they recently migrated to Spunk(Enterprise Security) from QRador so installation part is done rule c...

by Explorer in

how to work on SIEM in splunk?

Hii, all I had a developer license to work with splunk.i was unable to implement by the splunk SIEM. why ?? how to i...

by New Member in

How to filter only one email address domain if you have multiple email address entries

How to filter only one email address domain if you have multiple email address entries, example : I have more than 10...

by New Member in

KVStore Initialization

I'm trying to install Enterprise Security 4 on Splunk 6.3 and it is hanging on the installing apps phase. I've restar...

by Splunk Employee in

how to combine list of domain controllers

we are using enterprise security we have 20 domain controllers we need to combine them and use in search

by Explorer in

How to merge Virus total application information with Splunk search query?

Hi, I am trying to get the some information from virus total in splunk enterprise through Virus total API Key. I don'...

by New Member in

Security Posture: Notable Events By Urgency

Under the Security posture there is a "Notable Events By Urgency" chart but it only shows medium, low and information...

by Observer in

1: Need to find Average number of vpn users in weekday and weekend

Curerntly using the search : 1:: index=sec_vpn sourcetype="cisco:acs" action=success date_wday!=sunday OR date_wday!=...

by New Member in

Enterprise Security: why the incidents don't show up in the lookup?

With all the help from @solarboyz1, the correlation searches produce now notable events, which show up in the Inciden...

by Motivator in

Enterprise Security: how long is a search accessible?

I try to assign an event to myself, but I get the following message - -- Unable to change 1 events: The search is...

by Motivator in

Splunk Enterprise Security: How to view all the use cases?

I go to Configure > Content > Use Case Library. It shows this nice page but I can't view all the use cases. Meaning...

by Motivator in

Dropdown: Could not create search

This is a dependent dropdown. since the token in query,ac_domain has value, customer_name. index has fields aws_acco...

by Communicator in

Enterprise Security: How to get a field break-down for a Web datamodel?

I'm looking at the Web datamodel and try to determine which fields are populated. I can do : | tstats dc(sourcety...

by Motivator in

In Enterprise Security's credential manager, are the passwords encrypted? If yes, what level of encryption is it?

This is just a question if credential manager uses encryption.

by Splunk Employee in

How can I troubleshoot the 'Substantial Increase in Port Activity' ES Correlation Search?

I have a significant number of Notables raised by the Substantial Increase in Port Activity correlation search. Pi...

by Communicator in

Need a help with skipped saved searches and help with calculation in limits

Hello, My schedule jobs are skipping all the time and getting following reasons: The maximum number of concurr...

by Communicator in

Phantom: Multiple Playbook Prompt Options

Hello again everyone, Was wondering if anyone has been able to get Phantom Playbook Prompts to be able to nest respo...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Incident Review Dashboard Issue for a User

Reverse engineering an enterprise security correlation search

Enterprise Security: who can assign incidents?

Extracting SHA256 field

Correlation search: email notification subject line

input lookup file to search email traffic

Manually create a notable event with a pre-determined timestamp

ES search head notable events for zscaler have signature "None"

Enterprise security engineering tasks

how to work on SIEM in splunk?

How to filter only one email address domain if you have multiple email address entries

KVStore Initialization

how to combine list of domain controllers

How to merge Virus total application information with Splunk search query?

Security Posture: Notable Events By Urgency

1: Need to find Average number of vpn users in weekday and weekend

Enterprise Security: why the incidents don't show up in the lookup?

Enterprise Security: how long is a search accessible?

Splunk Enterprise Security: How to view all the use cases?

Dropdown: Could not create search

Enterprise Security: How to get a field break-down for a Web datamodel?

In Enterprise Security's credential manager, are the passwords encrypted? If yes, what level of encryption is it?

How can I troubleshoot the 'Substantial Increase in Port Activity' ES Correlation Search?

Need a help with skipped saved searches and help with calculation in limits

Phantom: Multiple Playbook Prompt Options

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Editing the alert that is sent to PagerDuty

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...

Multi-Select in HTML for Alert Action does not ret...