Splunk Enterprise Security

Discussions

Thread Info

Adding an Azure sign in field to Splunk ES authentication data model

We recently started to ingest Microsoft's Azure sign-in events and one thing I've noticed are some values from the cl...

by Influencer in

Getting started with BOTS 2.0 - need help

Hello Everyone I am curious to learn with BOTS 2.0 but need some help. I have downloaded BOTS 2.0 but unable to...

by New Member in

How to alert when a rogue/unknown device is plugged into network

Hi, I need to be alerted when a rogue/unknown device is plugged into network. Any help will be appreciated.

by Path Finder in

Defining Authorized Name Servers in ES

The ES correlation search 'DNS Query Requests Resolved by Unauthorized DNS Servers' determines if the traffic is to f...

by Explorer in

What parts of the Enterprise Security dashboard are displayed the output related to this Add-on ?

Hi Dear Friends, I installed "Splunk Add-on for Unix and Linux" and now i have a question What parts of the Enterpris...

by New Member in

Salesforce marketing cloud integration with Splunk

Hello experts, I am trying to integration salesforce cloud modules into splunk for security monitoring. Does anyne ha...

by Explorer in

How to get the difference in count of users and then trigger an alert

Hi Everyone, I have a splunk search: Search: sourcetype = onelogin:event index = onelogin earliest=-12d AND event_...

by New Member in

Splunk Enterprise security search head is not pulling logs from firewall, waf,proxy logs, MFA, sandbox, ...network resources but my other search head for apps is getting all data

Splunk Enterprise security search head is not pulling logs from firewall, waf,proxy logs, MFA, sandbox, ...network re...

by New Member in

DNS query in threat intelligence of Enterprise Security

Hi, Configured the proxy for retrieving threat intelligence in Enterprise Security and its succesfully retrieved ...

by Path Finder in

SavedSearch running as type=Inline works, type=Saved fails - why?

I setup a saved search and it is failing to run. It is throwing an error in the gui Error in 'sendalert' command: ...

by SplunkTrust in

How to add a chart that shows the average vulnerabilities per host grouped by Service

Hi, I created a vulnerability dashboard that looks like this: VulnerabilityId, Host, Service 123, HostA, Mail 2...

by New Member in

Downloaded an old snapshot created 485320 seconds ago

As part of the destructive resync that I performed on the 2 members that were out of sync, I saw the below messages o...

by Splunk Employee in

Prerequisites for Administering ES 5.2

The prerequisites for Administering ES 5.2 are vague. Is the prerequisite completing the two courses Splunk System...

by New Member in

Network Glass table

Hello Team, Please we need to create a Network Glass Table depending with our devices that sending data to splunk...

by New Member in

How do I use an eval where the final value is pulled out of a lookup file?

How do I use an eval where the final value is pulled out of a lookup file.? Trying to use the following but cant g...

by Path Finder in

Datamodel Child object not accelerated

We created a child object within the authentication datamodel. The authentication datamodel is accelerated, when sear...

by Path Finder in

Assign Risk in Correlation Search

We are trying to integrate the risk analysis framework in our incident response process. We have developed a libr...

by Communicator in

How to tune the Splunk App for Enterprise Security to prevent our web logs from being triggered as Personally Identifiable Information Detection?

Hi Everyone, I am still learning Splunk and Enterprise Security and I am working on a problem with Splunk App for ...

by Engager in

Extracting Next Steps in Splunk ES Notables

Hey All, I am still new to Splunk so apology for my ignorance, is there a way to extract "Next Steps" under Adapti...

by New Member in

Splunkbase Add on ServiceNow

When trying to connect the "Splunk Add-on for ServiceNow" I am not able to connect to the ServiceNow instance. ER...

by New Member in

Enterprise Security: Why ES Content Updates doesn’t show the Analytic Stories?

Something looks fishy with this app. No Analytic Stories are available in the app. What should we do?

by Motivator in

"Concurrent Login Attempts Detected" CS results have hostnames and IPs showing as previous_src and src

We're getting false positives on the correlated search, "Concurrent Login Attempts Detected", because the previous_sr...

by Communicator in

script (.bat) only outputs the first 9 lines - manually running command outputs 70+

I'm attempting to get DHCP lease info and as far as I can tell I need write a script to get this info (please let me ...

by Communicator in

WARN UserManagerPro - Can't find [distributedSearch] stanza in distsearch.conf, using default authtoken HTTP timeouts

I am getting this message in Splunkd.log on a universal forwarder version 6.5.2. There is no such file called dist...

by Motivator in

Splunk_TA_mimecast_for_splunk_v2-2.0.1 having error while pulling the data from mimecast. - Error -Unexpected error getting raw log data Incorrect padding

I am getting below error after integrating the mimcast app. Please help. 2018-05-20 22:30:22.569 INFO message fro...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Adding an Azure sign in field to Splunk ES authentication data model

Getting started with BOTS 2.0 - need help

How to alert when a rogue/unknown device is plugged into network

Defining Authorized Name Servers in ES

What parts of the Enterprise Security dashboard are displayed the output related to this Add-on ?

Salesforce marketing cloud integration with Splunk

How to get the difference in count of users and then trigger an alert

Splunk Enterprise security search head is not pulling logs from firewall, waf,proxy logs, MFA, sandbox, ...network resources but my other search head for apps is getting all data

DNS query in threat intelligence of Enterprise Security

SavedSearch running as type=Inline works, type=Saved fails - why?

How to add a chart that shows the average vulnerabilities per host grouped by Service

Downloaded an old snapshot created 485320 seconds ago

Prerequisites for Administering ES 5.2

Network Glass table

How do I use an eval where the final value is pulled out of a lookup file?

Datamodel Child object not accelerated

Assign Risk in Correlation Search

How to tune the Splunk App for Enterprise Security to prevent our web logs from being triggered as Personally Identifiable Information Detection?

Extracting Next Steps in Splunk ES Notables

Splunkbase Add on ServiceNow

Enterprise Security: Why ES Content Updates doesn’t show the Analytic Stories?

"Concurrent Login Attempts Detected" CS results have hostnames and IPs showing as previous_src and src

script (.bat) only outputs the first 9 lines - manually running command outputs 70+

WARN UserManagerPro - Can't find [distributedSearch] stanza in distsearch.conf, using default authtoken HTTP timeouts

Splunk_TA_mimecast_for_splunk_v2-2.0.1 having error while pulling the data from mimecast. - Error -Unexpected error getting raw log data Incorrect padding

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code

Adding comment (link) to Next Steps (In an alert u...

Free Training Online Classes