Splunk Enterprise Security

Discussions

Thread Info

how to integrate with splunk and alienvault ?

AlienVault Ossim App by A3SEC i just install the app and follow the document but i didnt get the dashboard same as al...

by New Member in

Does Splunk 7.2 support Onapsis for SAP integration

Hi All, Hope you are doing well. I have requirement to integrate Onapsis for SAP with Splunk. As per app doc...

by Path Finder in

Null value for urgency in incident_review lookup

Hi Splunkers, when we save\close notable events without changing the Urgency we get no any value (null) for urgenc...

by Contributor in

Splunk Enterprise Security: Dashboards not loading data

We have a indexer , heavy forwarder, 2 search head , 1 deployment server . The splunk enterprise Search head dashboar...

by New Member in

Adding field from one search to another

Hello All on Splunk Answer. I have following very simple search: *index=*proxy domain="somedomain.com" | stats ...

by New Member in

Splunk ES Duplicate of Notable Events displaying in Incident Review Dashboard

Hi Everyone, I have an issue where I am seeing am seeing duplicate notable events for a single event. So heres th...

by Path Finder in

Help with creating field extractions for map

Can you help map creating field extractions Please use the ES CIM model where possible for field names: There are...

by Explorer in

How to make second token value be based on choice made for first token

Token 1: <label>OS</label> <choice value="Windows">Windows</choice> <choice value="RedHat">RedHat</choice> ...

by Observer in

How to get the results of a correlation search when we have success after login failures by user?

Hi All, Below is the correlation search. I want the results for bruteforcesearch query only when we have successfu...

by Communicator in

ES detected "Default Account at Rest" - How do you fix this?

Good morning, I have been receiving a notable even in ES that states there are default accounts at rest on a certa...

by Path Finder in

How to get the last login time for the user for the correlation search " Access - Inactive Account Usage"?

How to get the last login time for the user for the correlation search " Access - Inactive Account Usage"? Below is t...

by Communicator in

A bit stuck with syntax while working with an ES search

Hello, I found two cases where the ES correlated search "Brute Force Access Behavior Detected" is "invalid" for ou...

by Path Finder in

Incident Review Dashboard Issue for a User

Hi Team, We have a separate ES- Splunk Cloud for our organisation. So in which we have provided access via SAML...

by Path Finder in

Reverse engineering an enterprise security correlation search

I am doing a deep dive to understand the internals of a correlation search within ES so that I can justify creating n...

by Path Finder in

Enterprise Security: who can assign incidents?

I wonder who within Incident Review can assign incidents to the group members? Does anybody can assign them?

by Motivator in

Extracting SHA256 field

Hello, I am trying to extract fields using Splunk field extractor and I reached a point where I got the following ...

by New Member in

Correlation search: email notification subject line

Dear Helpful bloggers, morning I have question on rule action: While setting Adaptive Response Actions for Correal...

by Path Finder in

input lookup file to search email traffic

Hi, I am new to Splunk. I have an input lookup file with some high risk internal email addresses in it . I want...

by New Member in

Manually create a notable event with a pre-determined timestamp

I am trying to manually create 500 new notable events that all have the same timestamp. I have not been able to find ...

by Explorer in

ES search head notable events for zscaler have signature "None"

Hi All, We're getting a number of notable events through originating from zscaler that have a signature of "None"....

by New Member in

Enterprise security engineering tasks

Hi in my company they recently migrated to Spunk(Enterprise Security) from QRador so installation part is done rule c...

by Explorer in

how to work on SIEM in splunk?

Hii, all I had a developer license to work with splunk.i was unable to implement by the splunk SIEM. why ?? how to i...

by New Member in

How to filter only one email address domain if you have multiple email address entries

How to filter only one email address domain if you have multiple email address entries, example : I have more than 10...

by New Member in

KVStore Initialization

I'm trying to install Enterprise Security 4 on Splunk 6.3 and it is hanging on the installing apps phase. I've restar...

by Splunk Employee in

how to combine list of domain controllers

we are using enterprise security we have 20 domain controllers we need to combine them and use in search

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

how to integrate with splunk and alienvault ?

Does Splunk 7.2 support Onapsis for SAP integration

Null value for urgency in incident_review lookup

Splunk Enterprise Security: Dashboards not loading data

Adding field from one search to another

Splunk ES Duplicate of Notable Events displaying in Incident Review Dashboard

Help with creating field extractions for map

How to make second token value be based on choice made for first token

How to get the results of a correlation search when we have success after login failures by user?

ES detected "Default Account at Rest" - How do you fix this?

How to get the last login time for the user for the correlation search " Access - Inactive Account Usage"?

A bit stuck with syntax while working with an ES search

Incident Review Dashboard Issue for a User

Reverse engineering an enterprise security correlation search

Enterprise Security: who can assign incidents?

Extracting SHA256 field

Correlation search: email notification subject line

input lookup file to search email traffic

Manually create a notable event with a pre-determined timestamp

ES search head notable events for zscaler have signature "None"

Enterprise security engineering tasks

how to work on SIEM in splunk?

How to filter only one email address domain if you have multiple email address entries

KVStore Initialization

how to combine list of domain controllers

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

Free Training Online Classes

Editing the alert that is sent to PagerDuty

Throttling Notables - Do Underlying Alerts Need to...

How long are asset list field values stored in the...

Documentation for SA-AccessProtection / DA-ESS-Acc...