Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
abhinavbaluni
Hi All, I am getting the following error post configuring the opsecLEA add on my Heavy Forwarder. We are able to pu...
by abhinavbaluni New Member in Splunk Enterprise Security 11-29-2019
0 0
0
0
pbankar
I'm developing a Technology AddOn (TA) using Modular Input and as per the latest Splunk norms they will be deprecatin...
by pbankar Path Finder in Splunk Enterprise Security 11-28-2019
0 3
0
3
hing
Will ES v6.0 security components such as, content support, framework suport, shared components, integration support. ...
by hing New Member in Splunk Enterprise Security 11-28-2019
0 1
0
1
abhik1501
How do i make a query for proxy logs to check multiple users visiting the same links
by abhik1501 New Member in Splunk Enterprise Security 11-28-2019
0 1
0
1
avni26
Hi , I have data for each month like below. For example, Data1 min Months -1 322 Jan-19 1 340 ...
by avni26 Explorer in Splunk Enterprise Security 11-28-2019
0 4
0
4
mgrosholz
I have a notable event seen in Splunk Enterprise Security's Security Posture dashboard. I have reviewed it and determ...
by mgrosholz Path Finder in Splunk Enterprise Security 11-27-2019
1 6
1
6
frank3nstien
How can i detect unauthorized sysmon process of Event ID 4 and 255 using splunk query?
by frank3nstien New Member in Splunk Enterprise Security 11-27-2019
0 1
0
1
gthomas719
Hi everyone. I'm new to Splunk and trying to work on a search that would return accounts in LDAP that have already b...
by gthomas719 New Member in Splunk Enterprise Security 11-27-2019
0 3
0
3
gwes77
Hello all, a regex is needed that's way above my head: I have a message field in the notable index that holds multipl...
by gwes77 Explorer in Splunk Enterprise Security 11-27-2019
0 2
0
2
thomasvanhelden
Is it possible to check if a certain field is a multi-value field? I'm rewriting some old searches. They contain a ...
by thomasvanhelden Explorer in Splunk Enterprise Security 11-27-2019
0 8
0
8
riqbal47010
I have asset list associated with ES. Now I want to remove the assets from the list if they are not reporing more th...
by riqbal47010 Path Finder in Splunk Enterprise Security 11-27-2019
0 2
0
2
danielbb
We read someplace that ES and the SH cluster might be tricky. It is right? or ES works naturally with the SH cluste...
by danielbb Motivator in Splunk Enterprise Security 11-26-2019
0 2
0
2
harish_ka
I have an alert with 'Notable' Alert action. While checking the notable index i could see the notables triggered by ...
by harish_ka Communicator in Splunk Enterprise Security 11-26-2019
0 1
0
1
ekumar
Hello, I am trying to install the Splunk UF on a Docker container and mount the container to a specific volume. I a...
by ekumar New Member in Splunk Enterprise Security 11-25-2019
0 1
0
1
sabinayousoubuv
Hello, I have an index for a symantec produt, and I have to write a search to alert if any of the sourcetypes doesn...
by sabinayousoubuv New Member in Splunk Enterprise Security 11-24-2019
0 1
0
1
kalpesh11
Scenario: I have two panels in one dashboard. Panel A and Panel B. I need a system that, when i click on A only that ...
by kalpesh11 New Member in Splunk Enterprise Security 11-22-2019
0 2
0
2
Mani1323
We are using Symantec email gateway (Cloud)for email filtering (inbound and outbound), We would like to integrate em...
by Mani1323 New Member in Splunk Enterprise Security 11-22-2019
0 0
0
0
ashish9433
Hi, I am using below search query which list's out the sequence of login using standard querying. What the below que...
by ashish9433 Communicator in Splunk Enterprise Security 11-21-2019
0 4
0
4
rupesh67nikam
I've written below query, index=* sourcetype=* EventCode=* | rex field=_raw "((Process Command Line:\t)(?(.+)*))" |...
by rupesh67nikam New Member in Splunk Enterprise Security 11-21-2019
0 3
0
3
stevenjluke
I would like to set a custom risk score based on the number of failed authentication attempts by a user. I created t...
by stevenjluke Explorer in Splunk Enterprise Security 11-20-2019
0 2
0
2
tmwhitm
Splunkers, Once a stix formatted IOC file has been successfully uploaded via Splunk Enterprise Security "Upload Thre...
by tmwhitm New Member in Splunk Enterprise Security 11-20-2019
0 1
0
1
ESPrioleau
I've tried: <option name="charting.fieldColors">{"Blocks_Blocked":0x006400, "Allowed_block":0xCCCC00, "Allowed":0x...
by ESPrioleau New Member in Splunk Enterprise Security 11-20-2019
0 0
0
0
smlrwd
Hello everyone, I was tasked with changing over our Identity management information in splunk since we switched vend...
by smlrwd Explorer in Splunk Enterprise Security 11-20-2019
1 10
1
10
edwardrose
Hello All, I am working on tuning the Network-Unroutable Host Activity -Rule search and we are trying to exclude our...
by edwardrose Contributor in Splunk Enterprise Security 11-20-2019
0 0
0
0
cascompany
This application provides a ".spl" to install, which is perfect for "single server splunk". Since we run a clustered...
by cascompany Explorer in Splunk Enterprise Security 11-20-2019
0 3
0
3
Get Updates on the Splunk Community!

From Data to Insight: Announcing the Winners of the Splunk Dashboard Contest

Hi Splunkers, First off, thank you to everyone who participated in our very first From Data to Insight: The ...

Splunk Developers: Construct Your Future at the .conf26 Builder Bar

Calling all Splunk architects, platform admins, and app developers: the site is open, and the blueprints are ...

Quick connection discovery mode for forwarders

When a Splunk forwarder loses connectivity to its indexers, it does not always reconnect immediately. In many ...