Splunk Enterprise Security

Community Activity
dkloud
Hi, I am using a 3rd party tool to get information about different indicators of compromise (e.g., domains). I am gett...
by dkloud Explorer in Splunk Enterprise Security 12-10-2019
0 2
umairahmad3985
Hi Everyone, We are trying to develop an integration for Splunk based on our On-demand scanning APIs. We offer on-de...
by umairahmad3985 Path Finder in Splunk Enterprise Security 12-10-2019
0 6
dflodstrom
Splunk Version 7.3.2, ES Version 5.3.1 Post-upgrade a couple of our notables are displaying tokens in the notable ti...
by dflodstrom Builder in Splunk Enterprise Security 12-09-2019
0 6
grobendg
I want to enrich my resultset from one SPL with multiple columns from other fields. I know map or joins can be used. ...
by grobendg Explorer in Splunk Enterprise Security 12-09-2019
0 6
driekhof
We're writing an app that allows users to input some asset lookup data into a KV Store. Occasionally these KV Store ...
by driekhof Path Finder in Splunk Enterprise Security 12-07-2019
0 3
jwalzerpitt
I am extracting the src and user values from failed login attempts in Shibboleth logs and the value is "failed" so I ...
by jwalzerpitt Influencer in Splunk Enterprise Security 12-06-2019
0 4
Fleqx
I'm testing out an SSO feature in Okta. I was initially using LDAP as the authentication method. There was a config...
by Fleqx New Member in Splunk Enterprise Security 12-05-2019
0 0
vikram1583
| tstats summariesonly max(time) as _time,values(Web.http_method) as http_method,values(Web.status) as status,count f...
by vikram1583 Explorer in Splunk Enterprise Security 12-05-2019
0 2
cosmo360
Hello, I am relatively new with splunk and would like to know how to run a query to tell if I have access to Palo alt...
by cosmo360 New Member in Splunk Enterprise Security 12-05-2019
0 1
ManishVilla7
I want to create a drilldown panel that will run different searches based on the value selected i.e. $click.value$. ...
by ManishVilla7 Explorer in Splunk Enterprise Security 12-05-2019
0 3
hettervik
Hi folks, We have created a glass table in Splunk ES. It worked yesterday, but today when we try to open it, it does...
by hettervik Builder in Splunk Enterprise Security 12-05-2019
0 3
bhsakarchourasi
Hi All, We are receiving Zscaler logs on a syslog server; from there a forwarder is reading the logs and sending them to Splunk Cloud....
by bhsakarchourasi Path Finder in Splunk Enterprise Security 12-04-2019
0 0
trojan_81
Hi suppose I have this IP address 10.5.5.5 I just want to see any information that splunk has on this IP. I'm star...
by trojan_81 Path Finder in Splunk Enterprise Security 12-03-2019
0 1
abhik1501
I need to search for users who clicked on totally new urls seen in last 24 hrs. If user has clicked on a link which ...
by abhik1501 New Member in Splunk Enterprise Security 12-03-2019
0 4
d4wc3k
Hello All on Forum I have following problem with threat intel in Splunk ES. I have got IoC, which is IP address and ...
by d4wc3k Path Finder in Splunk Enterprise Security 12-03-2019
0 0
osmandemir1
Hi, I have an intelligence lookup file in SA-ThreatIntelligence APP. This lookup schedule content update with open so...
by osmandemir1 New Member in Splunk Enterprise Security 12-03-2019
0 0
trojan_81
Hi, when I'm reviewing an event, is there a field that tells me if it came from a forwarder?
by trojan_81 Path Finder in Splunk Enterprise Security 12-02-2019
0 2
edwardrose
Hello All, I am following the instructions to download the TAs so that I can install on my indexers but do not see t...
by edwardrose Contributor in Splunk Enterprise Security 12-02-2019
0 1
dominiquevocat
Is there any way to get a developer license of Splunk IT Service Intelligence (ITSI) and/or Splunk Enterprise Securit...
by SplunkTrust SplunkTrust in Splunk Enterprise Security 12-02-2019
0 2
d4wc3k
Hello all, I have the following question: If it is possible to create query which will change owner,status and add note ...
by d4wc3k Path Finder in Splunk Enterprise Security 12-02-2019
0 3
trojan_81
Hello newbie question here When I log into splunk and drill into DASHBOARDS, I am presented with the list of dashboa...
by trojan_81 Path Finder in Splunk Enterprise Security 12-02-2019
0 1
vin02ptl
I have created correlation search to get the alert for the aws cloudtrail activity in enterprise security. Alert is t...
by vin02ptl Explorer in Splunk Enterprise Security 12-01-2019
0 0
abhinavbaluni
Hi All, I am getting the following error post configuring the opsecLEA add on my Heavy Forwarder. We are able to pu...
by abhinavbaluni New Member in Splunk Enterprise Security 11-29-2019
0 0
pbankar
I'm developing a Technology AddOn (TA) using Modular Input and as per the latest Splunk norms they will be deprecatin...
by pbankar Path Finder in Splunk Enterprise Security 11-28-2019
0 3
hing
Will ES v6.0 security components such as content support, framework support, shared components, integration support. ...
by hing New Member in Splunk Enterprise Security 11-28-2019
0 1