Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Rename existing correlation search Title

Hi Fellows, I need to change the title of existing correlation search which I am not able to do as the options are...

by Explorer in

Problem with threat notables on Splunk ES

Hello , We have a Splunk ES 5.1.0 application installed on Splunk Entreprise version 7.2.0. We need to collect...

by Path Finder in

MLTK: Does it support multi-output classification?

Does the MLTK support multi-output classification, i.e., more than 1 predicted field? Thank you.

by Engager in

How to compare 2 lists from 2 different searches ?

I have 2 different searches to create 2 hosts list, and I want below from splunk search: 1. Find all hosts from 1st s...

by Path Finder in

How to deploy SPL Splunk image on Linux

Dear all, I have downloaded SPL tared image at https://splunkbase.splunk.com/app/4516/ and I want to deploy it Lin...

by New Member in

SSL Medium Strength Cipher Suites Supported (SWEET32) and SSL RC4 Cipher Suites Supported (Bar Mitzvah) {CVE-2016-2183 , CVE-2013-2566,CVE-2015-2808}

We have received notice that our splunk heavy forwarder is vulnerable to CVE-2016-2183 , CVE-2013-2566,CVE-2015-2808....

by New Member in

Adding an Azure sign in field to Splunk ES authentication data model

We recently started to ingest Microsoft's Azure sign-in events and one thing I've noticed are some values from the cl...

by Influencer in

Getting started with BOTS 2.0 - need help

Hello Everyone I am curious to learn with BOTS 2.0 but need some help. I have downloaded BOTS 2.0 but unable to...

by New Member in

How to alert when a rogue/unknown device is plugged into network

Hi, I need to be alerted when a rogue/unknown device is plugged into network. Any help will be appreciated.

by Path Finder in

Defining Authorized Name Servers in ES

The ES correlation search 'DNS Query Requests Resolved by Unauthorized DNS Servers' determines if the traffic is to f...

by Explorer in

What parts of the Enterprise Security dashboard are displayed the output related to this Add-on ?

Hi Dear Friends, I installed "Splunk Add-on for Unix and Linux" and now i have a question What parts of the Enterpris...

by New Member in

Salesforce marketing cloud integration with Splunk

Hello experts, I am trying to integration salesforce cloud modules into splunk for security monitoring. Does anyne ha...

by Explorer in

How to get the difference in count of users and then trigger an alert

Hi Everyone, I have a splunk search: Search: sourcetype = onelogin:event index = onelogin earliest=-12d AND event_...

by New Member in

Splunk Enterprise security search head is not pulling logs from firewall, waf,proxy logs, MFA, sandbox, ...network resources but my other search head for apps is getting all data

Splunk Enterprise security search head is not pulling logs from firewall, waf,proxy logs, MFA, sandbox, ...network re...

by New Member in

DNS query in threat intelligence of Enterprise Security

Hi, Configured the proxy for retrieving threat intelligence in Enterprise Security and its succesfully retrieved ...

by Path Finder in

SavedSearch running as type=Inline works, type=Saved fails - why?

I setup a saved search and it is failing to run. It is throwing an error in the gui Error in 'sendalert' command: ...

by SplunkTrust in

How to add a chart that shows the average vulnerabilities per host grouped by Service

Hi, I created a vulnerability dashboard that looks like this: VulnerabilityId, Host, Service 123, HostA, Mail 2...

by New Member in

Downloaded an old snapshot created 485320 seconds ago

As part of the destructive resync that I performed on the 2 members that were out of sync, I saw the below messages o...

by Splunk Employee in

Prerequisites for Administering ES 5.2

The prerequisites for Administering ES 5.2 are vague. Is the prerequisite completing the two courses Splunk System...

by New Member in

Network Glass table

Hello Team, Please we need to create a Network Glass Table depending with our devices that sending data to splunk...

by New Member in

How do I use an eval where the final value is pulled out of a lookup file?

How do I use an eval where the final value is pulled out of a lookup file.? Trying to use the following but cant g...

by Path Finder in

Datamodel Child object not accelerated

We created a child object within the authentication datamodel. The authentication datamodel is accelerated, when sear...

by Path Finder in

Assign Risk in Correlation Search

We are trying to integrate the risk analysis framework in our incident response process. We have developed a libr...

by Communicator in

How to tune the Splunk App for Enterprise Security to prevent our web logs from being triggered as Personally Identifiable Information Detection?

Hi Everyone, I am still learning Splunk and Enterprise Security and I am working on a problem with Splunk App for ...

by Engager in

Extracting Next Steps in Splunk ES Notables

Hey All, I am still new to Splunk so apology for my ignorance, is there a way to extract "Next Steps" under Adapti...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Rename existing correlation search Title

Problem with threat notables on Splunk ES

MLTK: Does it support multi-output classification?

How to compare 2 lists from 2 different searches ?

How to deploy SPL Splunk image on Linux

SSL Medium Strength Cipher Suites Supported (SWEET32) and SSL RC4 Cipher Suites Supported (Bar Mitzvah) {CVE-2016-2183 , CVE-2013-2566,CVE-2015-2808}

Adding an Azure sign in field to Splunk ES authentication data model

Getting started with BOTS 2.0 - need help

How to alert when a rogue/unknown device is plugged into network

Defining Authorized Name Servers in ES

What parts of the Enterprise Security dashboard are displayed the output related to this Add-on ?

Salesforce marketing cloud integration with Splunk

How to get the difference in count of users and then trigger an alert

Splunk Enterprise security search head is not pulling logs from firewall, waf,proxy logs, MFA, sandbox, ...network resources but my other search head for apps is getting all data

DNS query in threat intelligence of Enterprise Security

SavedSearch running as type=Inline works, type=Saved fails - why?

How to add a chart that shows the average vulnerabilities per host grouped by Service

Downloaded an old snapshot created 485320 seconds ago

Prerequisites for Administering ES 5.2

Network Glass table

How do I use an eval where the final value is pulled out of a lookup file?

Datamodel Child object not accelerated

Assign Risk in Correlation Search

How to tune the Splunk App for Enterprise Security to prevent our web logs from being triggered as Personally Identifiable Information Detection?

Extracting Next Steps in Splunk ES Notables

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

How to Send Splunk Observability Alerts to Webex teams in Minutes

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions