Splunk Enterprise Security

Community Activity
satyaallaparthi
Hello, We are planning to buy Recorded Future for my organization to integrate with Splunk ES. We have small Infra...
by satyaallaparthi Communicator in Splunk Enterprise Security 11-15-2019
0 1
hamedha
I have licences for Splunk Enterprise Security. So I tried to upload Splunk App for Enterprise Security but I get er...
by hamedha Engager in Splunk Enterprise Security 11-15-2019
0 7
AlexeySh
Hello, I’d like to know if anyone was able to integrate OpsGenie with the last versions of Splunk (7.2.X) and/or las...
by AlexeySh Communicator in Splunk Enterprise Security 11-14-2019
0 3
danielbb
Based on Sourcetypes for the Splunk Add-on for Symantec Blue Coat ProxySG bluecoat:proxysg:access:file is CIM compli...
by danielbb Motivator in Splunk Enterprise Security 11-14-2019
0 7
tommoore
I'm hoping someone can assist me with this strange issue. For some reason my menu bar for Enterprise Security is gon...
by tommoore Path Finder in Splunk Enterprise Security 11-13-2019
0 6
prasanthkota
Hello All, I wanted to know if anyone has tried to modify whois to use Cisco Umbrella instead of DomainTools?
by prasanthkota Engager in Splunk Enterprise Security 11-13-2019
0 0
swright_rl
Hi, I'm trying to add an additional condition to this rule. Currently it splits up the raw value from our web logs ...
by swright_rl Explorer in Splunk Enterprise Security 11-13-2019
0 3
Arpmjdr
Hi Friends, I am using Splunk ES version 5.3.1. I am trying to validate the existing data models (Total 32 including ci...
by Arpmjdr Explorer in Splunk Enterprise Security 11-13-2019
0 3
danielbb
The bluecoat sourcetype "bluecoat:proxysg:admin:file" is tagged as error. It's also not listed at Sourcetypes for th...
by danielbb Motivator in Splunk Enterprise Security 11-13-2019
0 2
bsuresh1
Hi All, Environment: Splunk Cloud. We have installed "Fortinet Fortigate Add-On for Splunk" on our on-prem Heavy Forw...
by bsuresh1 Path Finder in Splunk Enterprise Security 11-12-2019
0 4
mikeyph
I'm trying to unify records from two different indexes, as part of this I'm trying to create a common field by extrac...
by mikeyph New Member in Splunk Enterprise Security 11-12-2019
0 1
abhi04
How to add a site into action fields in Splunk Enterprise Security? We have nslookup, Google search, etc. added as part...
by abhi04 Communicator in Splunk Enterprise Security 11-12-2019
0 0
emkaxon
Hello guys, We are trying to collect logs from our Active Directory into Splunk Enterprise, however we were getting ...
by emkaxon New Member in Splunk Enterprise Security 11-12-2019
0 0
stroud_bc
I am attempting to create a custom Risk Attribution rule based on Web Proxy traffic to newly-seen (not-seen-before-ye...
by stroud_bc Path Finder in Splunk Enterprise Security 11-11-2019
0 1
cchintha
All, Need help with combining logs from Load Balancer/SNAT and AD Domain Controller to get the combined results in a ...
by cchintha New Member in Splunk Enterprise Security 11-11-2019
0 1
N92
I have a result in one field from the lookup and also a result in a second field (multivalue results) from lookup. Accessed...
by N92 Path Finder in Splunk Enterprise Security 11-11-2019
0 1
gbhw
Hi, I am building a vulnerability dashboard and got the following table: To make it easier to read I like to comb...
by gbhw New Member in Splunk Enterprise Security 11-11-2019
0 2
anishrai
Hi, Is it possible to integrate Firemon Server Control Panel with Splunk? Syslog can be enabled on Firemon SCP.
by anishrai New Member in Splunk Enterprise Security 11-11-2019
0 0
SplunkNewbie18
Hi, I've got 2 index logs to do a comparison with for emails. So in my mind is to use subsearch and join - but doesn...
by SplunkNewbie18 New Member in Splunk Enterprise Security 11-09-2019
0 5
danielbb
Looking at Splunk_TA_symantec-ep and I wonder where the documentation for the sourcetypes, which are CIM compliant, i...
by danielbb Motivator in Splunk Enterprise Security 11-08-2019
0 1
nando10
I've been working on a problem that has me stumped. I have a 4624 and 4633 event that I want to correspond with eac...
by nando10 Explorer in Splunk Enterprise Security 11-08-2019
1 11
tiaatim
Hi, I have the Cisco ASA TA installed and things look great on my Enterprise Security search head when I search for t...
by tiaatim Path Finder in Splunk Enterprise Security 11-08-2019
0 11
SplunkNewbie18
Hi, I'm trying to match email events which may consist of letters, numbers and special characters and do a count ...
by SplunkNewbie18 New Member in Splunk Enterprise Security 11-07-2019
0 2
richardphung
With Security Essentials, I get an error: [Indexer] Streamed search execute failed because: Error in 'lookup' comman...
by richardphung Communicator in Splunk Enterprise Security 11-07-2019
0 0
siddh01r
Hi all, Anyone out there had any benefit from the free Threat Intel List in Splunk ES? It's causing a lot of noise, I...
by siddh01r New Member in Splunk Enterprise Security 11-06-2019
0 2