Splunk Enterprise Security

Community Activity
spodda01da
Hi All, I have inherited Splunk Enterprise in my company which includes 3 Indexers, 2 Search Head and each Deploymen...
by spodda01da Path Finder in Splunk Enterprise Security 11-18-2019
0 2
jamolson
In Splunk ES, under the alert actions for saved searches, there are 2 options for sending alerts to Phantom. Send t...
by jamolson Path Finder in Splunk Enterprise Security 11-17-2019
0 2
browncardigan
All of my searches are returning visitor_type =1 for all domains that I run ipreputation on. An example is 125.7.102...
by browncardigan Path Finder in Splunk Enterprise Security 11-17-2019
0 0
riqbal47010
I have an asset list. The owner changed for several assets. Now I just want to change the owner name against specific...
by riqbal47010 Path Finder in Splunk Enterprise Security 11-17-2019
0 6
PT088
When we first got Splunk ES, one of my colleagues decided to try adding in IOCs from the Mandiant APT1 report. These...
by PT088 Engager in Splunk Enterprise Security 11-16-2019
0 4
HunterJD
I am working with winevent logs for failed logons (Event 4625) and I have a log that has null/blank values for Accoun...
by HunterJD New Member in Splunk Enterprise Security 11-16-2019
0 2
satyaallaparthi
Hello, We are planning to buy Recorded Future for my organization to integrate with Splunk ES. We have small Infra...
by satyaallaparthi Communicator in Splunk Enterprise Security 11-15-2019
0 1
hamedha
I have licences for splunk enterprise security. So I tried to upload Splunk App for Enterprise Security but I get er...
by hamedha Engager in Splunk Enterprise Security 11-15-2019
0 7
AlexeySh
Hello, I’d like to know if anyone was able to integrate OpsGenie with the last versions of Splunk (7.2.X) and/or las...
by AlexeySh Communicator in Splunk Enterprise Security 11-14-2019
0 3
danielbb
Based on Sourcetypes for the Splunk Add-on for Symantec Blue Coat ProxySG bluecoat:proxysg:access:file is CIM compli...
by danielbb Motivator in Splunk Enterprise Security 11-14-2019
0 7
tommoore
I'm hoping someone can assist me with this strange issue. For some reason my menu bar for enterprise security is gon...
by tommoore Path Finder in Splunk Enterprise Security 11-13-2019
0 6
prasanthkota
Hello All, I wanted to know if anyone has tried to modify whois to use cisco umbrella instead of domain tools?
by prasanthkota Engager in Splunk Enterprise Security 11-13-2019
0 0
swright_rl
Hi, I'm trying to add an additional condition to this rule. Currently it splits up the raw value from our web logs ...
by swright_rl Explorer in Splunk Enterprise Security 11-13-2019
0 3
Arpmjdr
Hi Friends, I am using SPLUNK ES 5.3.1 version. I am trying to validate the existing datamodels (Total 32 including ci...
by Arpmjdr Explorer in Splunk Enterprise Security 11-13-2019
0 3
danielbb
The bluecoat sourcetype "bluecoat:proxysg:admin:file" is tagged as error. It's also not listed at Sourcetypes for th...
by danielbb Motivator in Splunk Enterprise Security 11-13-2019
0 2
bsuresh1
Hi All, Environment: Splunk Cloud We have installed "Fortinet Fortigate Add-On for Splunk" on our Onprem Heavy Forw...
by bsuresh1 Path Finder in Splunk Enterprise Security 11-12-2019
0 4
mikeyph
I'm trying to unify records from two different indexes, as part of this I'm trying to create a common field by extrac...
by mikeyph New Member in Splunk Enterprise Security 11-12-2019
0 1
abhi04
How to add a site into action fields in Splunk Enterprise Security? We have nslookup, Google search, etc. added as part...
by abhi04 Communicator in Splunk Enterprise Security 11-12-2019
0 0
emkaxon
Hello guys, We are trying to collect logs from our Active Directory into Splunk Enterprise, however we were getting ...
by emkaxon New Member in Splunk Enterprise Security 11-12-2019
0 0
stroud_bc
I am attempting to create a custom Risk Attribution rule based on Web Proxy traffic to newly-seen (not-seen-before-ye...
by stroud_bc Path Finder in Splunk Enterprise Security 11-11-2019
0 1
cchintha
All, Need help with combining logs from Load Balancer/SNAT and AD Domain Controller to get the combined results in a ...
by cchintha New Member in Splunk Enterprise Security 11-11-2019
0 1
N92
I have a result in one field from the lookup and also a result in a second field (multivalue results) from lookup. Accessed...
by N92 Path Finder in Splunk Enterprise Security 11-11-2019
0 1
gbhw
Hi, I am building a vulnerability dashboard and got the following table: To make it easier to read I like to comb...
by gbhw New Member in Splunk Enterprise Security 11-11-2019
0 2
anishrai
Hi, Is it possible to integrate Firemon Server Control Panel with Splunk? Syslog can be enabled on Firemon SCP.
by anishrai New Member in Splunk Enterprise Security 11-11-2019
0 0
SplunkNewbie18
Hi, I've got 2 index logs to do a comparison with for emails. So in my mind is to use subsearch and join - but doesn...
by SplunkNewbie18 New Member in Splunk Enterprise Security 11-09-2019
0 5