Splunk Enterprise Security

Discussions

Thread Info

Splunk App for Enterprise Security ERROR

I have licences for splunk enterprise security. So I tried to upload Splunk App for Enterprise Security but I get err...

by Engager in

Splunk Enterprise Security / OpsGenie integration issue

Hello, I’d like to know if anyone was able to integrate OpsGenie with the last versions of Splunk (7.2.X) and/or l...

by Communicator in

Enterprise Security: Is Blue Coat a CIM Network Traffic compliant?

Based on Sourcetypes for the Splunk Add-on for Symantec Blue Coat ProxySG bluecoat:proxysg:access:file is CIM comp...

by Motivator in

Strange issue with missing menu in Enterprise Security

I'm hoping someone can assist me with this strange issue. For some reason my menu bar for enterprise security is gone...

by Path Finder in

Modify whois to use cisco umbrella instead of domain tools

Hello All, I wanted to know if anyone has tried to modify whois to use cisco umbrella instead of domain tools?

by New Member in

SQL Injection Rule - Multivalue count with multiple statistical conditions

Hi, I'm trying to add an additional condition to this rule. Currently it splits up the raw value from our web l...

by Explorer in

How to Validate Datamodel

Hi Friends, I am using SPLUNK ES 5.3.1 version.I am trying to validate the existing datamodels(Total 32 including ...

by Explorer in

Enterprise Security: why is sourcetype="bluecoat:proxysg:admin:file" tagged as error

The bluecloat sourcetype "bluecoat:proxysg:admin:file" is tagged as error. It's also not listed at Sourcetypes for th...

by Motivator in

Fortigate Firewall logs are not populating in Intrusion Centre dashboard in Splunk Enterprise Security

Hi All, Environment: Splunk Cloud We have installed "Fortinet Fortigate Add-On for Splunk" on our Onprem Heavy ...

by Path Finder in

Splunk Enterprise Security: How to do conditional regex?

I'm trying to unify records from two different indexes, as part of this I'm trying to create a common field by extrac...

by New Member in

How to add a site into action fields in SPlunk Enterprise Security?

How to add a site into action fields in Splunk Enterprise Security? We have nslookup, google search,etc added as part...

by Path Finder in

"UniversalForwarder Setup Wizard ended premarturely because of an error" on Windows server 2019 Standard

Hello guys, We are trying to collect logs from our Active directory into Splunk enterprise, however we were gettin...

by New Member in

Appendpipe or Multisearch for continuing processing after Outputlookup?

I am attempting to create a custom Risk Attribution rule based on Web Proxy traffic to newly-seen (not-seen-before-ye...

by Path Finder in

Correlating multiple logs to get combined data for Active Directory Events

All, Need help with combining logs from Load Balancer/SNAT and AD Domain Controller to get the combined results in a ...

by New Member in

match field value with multi-field value

I have result in one field from the lookup and also result in second field(multivalue results) from lookup. Access...

by Path Finder in

Splunk Enterprise Security: Drilldown stats list

Hi, I am building a vulnerability dashboard and got the following table: To make it easier to read I li...

by New Member in

Firemon Server Control Panel integration with Splunk

Hi, Is it possible to integrate Firemon Server Control Panel with Splunk? Syslog can be enabled on Firemon SCP.

by New Member in

Compare search using join and subsearch in 2 different indexes

Hi, I've got 2 index logs to do a comparison with for emails. So in my mind is to use subsearch and join - but doe...

by New Member in

Enterprise Security: where is the CIM compatibility breakdown per sourcetype for Splunk_TA_symantec-ep?

Looking at Splunk_TA_symantec-ep and I wonder where the documentation for the sourcetypes, which are CIM compliant, i...

by Motivator in

How to identity logoffs when there isn't always a logoff event

I've been working on a problem that has me stumped. I have a 4624 and 4633 event that I want to correspond with e...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Splunk App for Enterprise Security ERROR

Splunk Enterprise Security / OpsGenie integration issue

Enterprise Security: Is Blue Coat a CIM Network Traffic compliant?

Strange issue with missing menu in Enterprise Security

Modify whois to use cisco umbrella instead of domain tools

SQL Injection Rule - Multivalue count with multiple statistical conditions

How to Validate Datamodel

Enterprise Security: why is sourcetype="bluecoat:proxysg:admin:file" tagged as error

Fortigate Firewall logs are not populating in Intrusion Centre dashboard in Splunk Enterprise Security

Splunk Enterprise Security: How to do conditional regex?

How to add a site into action fields in SPlunk Enterprise Security?

"UniversalForwarder Setup Wizard ended premarturely because of an error" on Windows server 2019 Standard

Appendpipe or Multisearch for continuing processing after Outputlookup?

Correlating multiple logs to get combined data for Active Directory Events

match field value with multi-field value

Splunk Enterprise Security: Drilldown stats list

Firemon Server Control Panel integration with Splunk

Compare search using join and subsearch in 2 different indexes

Enterprise Security: where is the CIM compatibility breakdown per sourcetype for Splunk_TA_symantec-ep?

How to identity logoffs when there isn't always a logoff event

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Enterprise Security - Correlation Search - Notable...

Enterprise Security Incident Review Default Filter...

Threat Intelligence Management - Wrong threat matc...

Can someone recommend a threat intel feed of malic...

Migrating Splunk Enterprise Security from VM to ne...