Splunk Enterprise Security

Ask a Question

Discussions

Thread Info

Difference between Palo alto all indecent and ES notable events?

Hi Splunkers, We are getting critical incidents in Palo alto All incidents dashboard. We configured ES threat act...

by Champion in

Help with Suspect IP hits to my web.

Hello, I have WEB IIS Logs. we have IP addresses in the web logs and want to know when web hits from suspect IP'...

by Communicator in

Can a Splunk Heavy Forwarder send data via UDP or does it have to be TCP?

Can a Splunk Heavy Forwarder send data via UDP or does it have to be TCP? We need to implement a one-way transfer...

by Explorer in

Current User Variable within Adaptive Response

We're using an adaptive response rule to create tickets for our notable events. One item that I need is the current l...

by Path Finder in

Enterprise Security: why don't the events get indexed to the notable index?

This one is, in a sense, a continuation of Enterprise Security: How can I trace the notable events? Running - inde...

by Motivator in

When upgrading Splunk Enterprise Security from 4.7.x to 5.2.2, should we plan incremental upgrades?

Hello, I just wanted a confirmation if the following upgrade paths are supported. My organization plans to do t...

by Explorer in

Check secure communication establish between search head and indexer

Hi Experts, I am new in Splunk, especially in a Splunk distributed environment creation. For enable SSL on splunkW...

by Path Finder in

CIM malware actions

Greetings... We are currently using ES and ingesting data from our IDS and AV to populate the Malware DataModel. A...

by Communicator in

The Asset Center and Identity Center dashboard.

Hi Splunkers; Before was Asset Center and Identity Center dashboards takes results from assets.csv and identities....

by Path Finder in

Omit Token Value from Results on 1 Panel

I'm have a dashboard with multiple panels, some of which provide hostnames and others that do not (some coming from A...

by Path Finder in

Can you help me count the following two files?

Hi, i have two files | inputlookup ABC | stat count result=10 | inputlookup XYZ | stat count result=20 i w...

by Motivator in

CVE-2016-7103 vulnerability is detected in Splunk 6.6.6

Through BURP scan reports we could find https://www.cvedetails.com/cve/CVE-2016-7103/ vulnerability reported in Splun...

by New Member in

Where is the search Throttling fields table storied? and can you search for an value in it?

Correlation Search, you throttling them based on fields for a Window duration. Where does Splunk store the fields ans...

by Explorer in

Why do I have error with ForeScout Adaptative Response Add-on about retrieve alert actions?

I install Forescout App and Add-ons for Splunk Enterprise Security but I receive a alert and the active alerts is not...

by Explorer in

Splunk Enterprise Security: Phantom IP address "refused to connect" on Google Chrome

Hello, I'm trying to access the Phantom web servers but when I use the IP address into Chrome, it says it "refused to...

by Engager in

When is a Failed Login, not a failed login...

Hi, How can I prevent the Splunk Nix TA from mapping the following event to a 'Failed Login' within the Authentica...

by Path Finder in

Need a help with workflow action or notable event contribution Events

Hello, We created a notable event for DLP which creating Contributing Events: DLP Drilldown for 652837 when...

by Communicator in

Enterprise Security: what makes a correlation search a correlation search?

I'm looking at a sample correlation search called Abnormally High Number of HTTP Method Events By Src - | tstats `...

by Motivator in

Does Value Exist in KV Store

Hi All, Sorry, this might be an obvious one but I'm having trouble finding information on this specific problem. I...

by Explorer in

Enterprise Security: can we extend the cim definition with our own custom fields?

The TA mapped our bluecoat index as a Web cim compliant. Looking at our bluecoat index and reports we built on top an...

by Motivator in

Splunk Enterprise Security: Look up file in correlation searches not populating

The following 3 Correlation Searches within ES have the error "lookup file is not populated": Detect AWS Console L...

by Communicator in

Can I pass tokens (like in email notice) as an arguments to Script for SMS alerting?

Hi, I have SMS alerts sent to me as an action of Splunk alert. I have successfully passed the arguments that avai...

by Path Finder in

how to compare successful logins in the host with yesterday's

Hello, I am getting successful logins from each server which is like 4000 per day from Each server. But some days...

by Communicator in

ES - Threat Intelligence - FS-ISAC Feeds

Attempting to ingest feeds from FS-ISAC into ES. I can see in splunk that a file is created: 2018-06-19 17:01:28,107...

by Engager in

Values and counts

Ex: query=google.com , yahoo.com src= xyz-pc , abc-pc I want to know the count of queries to each domain queried b...

by Explorer in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Difference between Palo alto all indecent and ES notable events?

Help with Suspect IP hits to my web.

Can a Splunk Heavy Forwarder send data via UDP or does it have to be TCP?

Current User Variable within Adaptive Response

Enterprise Security: why don't the events get indexed to the notable index?

When upgrading Splunk Enterprise Security from 4.7.x to 5.2.2, should we plan incremental upgrades?

Check secure communication establish between search head and indexer

CIM malware actions

The Asset Center and Identity Center dashboard.

Omit Token Value from Results on 1 Panel

Can you help me count the following two files?

CVE-2016-7103 vulnerability is detected in Splunk 6.6.6

Where is the search Throttling fields table storied? and can you search for an value in it?

Why do I have error with ForeScout Adaptative Response Add-on about retrieve alert actions?

Splunk Enterprise Security: Phantom IP address "refused to connect" on Google Chrome

When is a Failed Login, not a failed login...

Need a help with workflow action or notable event contribution Events

Enterprise Security: what makes a correlation search a correlation search?

Does Value Exist in KV Store

Enterprise Security: can we extend the cim definition with our own custom fields?

Splunk Enterprise Security: Look up file in correlation searches not populating

Can I pass tokens (like in email notice) as an arguments to Script for SMS alerting?

how to compare successful logins in the host with yesterday's

ES - Threat Intelligence - FS-ISAC Feeds

Values and counts

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Has anyone used finding-based detection on ES 8.0 ...

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Splunk Enterprise Security

Are you a member of the Splunk Community?

Discussions