Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Dropdown: Could not create search

This is a dependent dropdown. since the token in query,ac_domain has value, customer_name. index has fields aws_acco...

by Communicator in

Enterprise Security: How to get a field break-down for a Web datamodel?

I'm looking at the Web datamodel and try to determine which fields are populated. I can do : | tstats dc(sourcety...

by Motivator in

In Enterprise Security's credential manager, are the passwords encrypted? If yes, what level of encryption is it?

This is just a question if credential manager uses encryption.

by Splunk Employee in

How can I troubleshoot the 'Substantial Increase in Port Activity' ES Correlation Search?

I have a significant number of Notables raised by the Substantial Increase in Port Activity correlation search. Pi...

by Communicator in

Need a help with skipped saved searches and help with calculation in limits

Hello, My schedule jobs are skipping all the time and getting following reasons: The maximum number of concurr...

by Communicator in

Phantom: Multiple Playbook Prompt Options

Hello again everyone, Was wondering if anyone has been able to get Phantom Playbook Prompts to be able to nest respo...

by Path Finder in

Bogon list

Hi, In ES there is a bogonlist included with subnet masks for bogus ip ranges. How is this used standard in Splunk...

by Path Finder in

G-Suite for Splunk: Error received when logging

Hi All, I tried to install the app "G-Suite For Splunk" and was able to do both the authentications successfully. ...

by Engager in

Error migrating deprecated review status transitions

hi ,everyone! Recently my splunk always received the following error message.I suspect it is a problem for splunk...

by Contributor in

Activity from expired identity keeps triggered although csv has been edited

I have changed the identities.csv and prolonged the expiration of an identity. However, the alert keep getting trigge...

by Communicator in

Splunk SIEM sanbox page stuck on authentication

Hi Experts, My Splunk SIEM sandbox never opened . I have received an email which has link to open sandbox and from...

by New Member in

Splunk Enterprise Security: Adaptive Response Action Adhoc invocation failed

Hello, We have an AR Action, and it works fine with correlation search. But when we try to invoke it as adhoc acti...

by Path Finder in

Adaptive response actions wont show up

We have created a large amount of custom Adaptive response actions that primarily consist of actions that fetch infor...

by Explorer in

Health Check: msg="A script exited abnormally with exit status: 4"

From the Monitoring Console: Health Check: msg="A script exited abnormally with exit status: 4" input="./opt/splu...

by Path Finder in

Comparing results from two searches

index="A" sourcetype=B action=Yes | search NOT [ search index="A" sourcetype=B action="No" | fields User ] | stats co...

by Explorer in

Use Monitoring Console to monitor a Search Head with Enterprise Security

Hi at all, I have the following architecture: 2 clustered Indexers,2 Search Heads,1 Master Node,1 Deployment Serve...

by SplunkTrust in

How to create a correlation search from a threat intelligence feed

I wanted to take malicious IP's/URL's that the threat Intel feeds provides and compare them against logs/traffic we s...

by New Member in

New Security Domain

I want to add a new Security Domain called "Email" in Enterprise Security (ES) App and later map it to notables. Righ...

by Explorer in

ES Upgrade 4.7.1 to 5.2.0 (customized .xml, .json files functionality)

Hi Team, We are performing Splunk ES upgrade from 4.7.1 to 5.2.0. Post upgrade, I have few .xml, .json files that ...

by Path Finder in

Custom Alerts in SPLUNK Enterprise

We have recently installed Enterprise Security and have enabled a few use cases. This was done with the guidance of S...

by Contributor in

[ES Managed Lookup] error: "An error occurred" in popup window when clicking "Stop managing"

When creating a managed lookup and the destination app is chosen to be a custom app we made (that ES inherits), it cr...

by Splunk Employee in

How do I determine why a Correlation Search isn't creating a notable event when I expected one?

I have a Correlation Search that didn't generate notable events in a couple where I think it should have. How can I d...

by Champion in

Splunk Enterprise Security: How to exclude indexes from Authentication Data Model

How to exclude some indexes from authentication data model? We have some indexes such as lastchanceindex, but eventty...

by Path Finder in

Searching notable events in ES to match user field

Folks, I'm trying to match a field (user) from a search to see if any previous notable events ES have been generated ...

by New Member in

Linux encryption

We're looking into full disk encryption and was looking in Linux full disk encryption. Any concerns you can think of?

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Dropdown: Could not create search

Enterprise Security: How to get a field break-down for a Web datamodel?

In Enterprise Security's credential manager, are the passwords encrypted? If yes, what level of encryption is it?

How can I troubleshoot the 'Substantial Increase in Port Activity' ES Correlation Search?

Need a help with skipped saved searches and help with calculation in limits

Phantom: Multiple Playbook Prompt Options

Bogon list

G-Suite for Splunk: Error received when logging

Error migrating deprecated review status transitions

Activity from expired identity keeps triggered although csv has been edited

Splunk SIEM sanbox page stuck on authentication

Splunk Enterprise Security: Adaptive Response Action Adhoc invocation failed

Adaptive response actions wont show up

Health Check: msg="A script exited abnormally with exit status: 4"

Comparing results from two searches

Use Monitoring Console to monitor a Search Head with Enterprise Security

How to create a correlation search from a threat intelligence feed

New Security Domain

ES Upgrade 4.7.1 to 5.2.0 (customized .xml, .json files functionality)

Custom Alerts in SPLUNK Enterprise

[ES Managed Lookup] error: "An error occurred" in popup window when clicking "Stop managing"

How do I determine why a Correlation Search isn't creating a notable event when I expected one?

Splunk Enterprise Security: How to exclude indexes from Authentication Data Model

Searching notable events in ES to match user field

Linux encryption

Demo Day: Strengthen Your SOC with Splunk Enterprise Security 8.1

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions