Splunk Enterprise Security

Splunk Enterprise Security
Community Activity
danielbb
The SA-cim-validator displays the recommended fields while the official documentation at Common Information Model Add...
by danielbb Motivator in Splunk Enterprise Security 10-18-2019
0 11
0
11
callumring
Hi, We have pulled logs from our Anti Virus software into splunk and are in process of trying to filter through what...
by callumring New Member in Splunk Enterprise Security 10-18-2019
0 3
0
3
paola92
Hi, I integrated my firewall sonicwall using the guide for Dell Sonicwall Analytics and this applications is working...
by paola92 Explorer in Splunk Enterprise Security 10-17-2019
0 0
0
0
danielbb
When we create the correlated searches, how do we specify which fields will be visible in the notable event / inciden...
by danielbb Motivator in Splunk Enterprise Security 10-17-2019
1 2
1
2
raymondmorris
I am in the the process of gathering CEUs for my CompTIA Sec+. In order to have CompTIA give me credit for the SPLUN...
by raymondmorris New Member in Splunk Enterprise Security 10-17-2019
0 1
0
1
splunk_zen
According to https://docs.splunk.com/Documentation/AddOns/released/MSSQLServer/SQLServerconfiguration Audit even...
by splunk_zen Builder in Splunk Enterprise Security 10-17-2019
0 1
0
1
mikeytheb
I have a Government customer asking me to provide Splunk compliance with MIL-STD-1472G. Since Splunk sells to local,...
by mikeytheb New Member in Splunk Enterprise Security 10-16-2019
0 1
0
1
raja480
Can some one draw a flowchart or work flow of TA works in splunk ? Need to know If Addon installed in HF/UF , indexe...
by raja480 New Member in Splunk Enterprise Security 10-16-2019
0 1
0
1
kevin_call
We have an employee that left the company and we need to re-assign ownership to a new person. Is there a way to do a...
by kevin_call New Member in Splunk Enterprise Security 10-16-2019
0 1
0
1
danielbb
The cim_Authentication_indexes is defined, in our case, as (index=wineventlog OR index=<linux> OR index=<rsa> OR ...)...
by danielbb Motivator in Splunk Enterprise Security 10-16-2019
1 8
1
8
coulouteg
Hello, I am trying to figure out how to run a query in my splunk environment to find all the traffic activities of a ...
by coulouteg New Member in Splunk Enterprise Security 10-16-2019
0 1
0
1
danielbb
The team here is not satisfied with the capabilities, workflow of the Incident Review section of ES. Is there a nice ...
by danielbb Motivator in Splunk Enterprise Security 10-15-2019
0 1
0
1
vikram1583
I created few correlation searches notable events in Enterprise security and in Incident Review - Table Attributes I...
by vikram1583 Explorer in Splunk Enterprise Security 10-15-2019
0 1
0
1
samadmemon
Hi All, Request you to post the query for retrieving messages displayed on the top of the UI so that a Dashboard/rep...
by samadmemon Explorer in Splunk Enterprise Security 10-15-2019
0 1
0
1
danielbb
We are wondering how to enable the automatic updates by the ESCU. We have it working fine but it doesn't seem to fetc...
by danielbb Motivator in Splunk Enterprise Security 10-15-2019
0 5
0
5
danielbb
src_user shows only 5 or so of percent_coverage in the cim_validator for our Windows data. Fields for Authentication...
by danielbb Motivator in Splunk Enterprise Security 10-15-2019
0 4
0
4
samadmemon
Hi All, We have an environment where the owner of all the Dashboards/Alerts is user 'nobody'. Are there any disadvan...
by samadmemon Explorer in Splunk Enterprise Security 10-15-2019
0 0
0
0
splunkbeginner
After upgrade to Splunk Enterprise Security v 5.3.1, fail on startup with the following error: [root@splunk02 bin]# ...
by splunkbeginner Engager in Splunk Enterprise Security 10-15-2019
0 1
0
1
abwe
I've recently indexed kaspersky security center 10 data in splunk, but malware center in enterprise security showed n...
by abwe Loves-to-Learn Lots in Splunk Enterprise Security 10-14-2019
0 3
0
3
vikram1583
index=email | transaction mid icid | stats count(recipient) as receipent_count by sender | where receipent_count>1...
by vikram1583 Explorer in Splunk Enterprise Security 10-13-2019
0 2
0
2
Arpmjdr
Hi Fellows, I need to change the title of existing correlation search which I am not able to do as the options are g...
by Arpmjdr Explorer in Splunk Enterprise Security 10-13-2019
1 3
1
3
aalaa
Hello , We have a Splunk ES 5.1.0 application installed on Splunk Entreprise version 7.2.0. We need to collect the...
by aalaa Path Finder in Splunk Enterprise Security 10-11-2019
0 0
0
0
danman81
Does the MLTK support multi-output classification, i.e., more than 1 predicted field? Thank you.
by danman81 Engager in Splunk Enterprise Security 10-10-2019
0 4
0
4
utk123
I have 2 different searches to create 2 hosts list, and I want below from splunk search: 1. Find all hosts from 1st s...
by utk123 Path Finder in Splunk Enterprise Security 10-09-2019
0 2
0
2
andykrnac
Dear all, I have downloaded SPL tared image at https://splunkbase.splunk.com/app/4516/ and I want to deploy it Linux...
by andykrnac New Member in Splunk Enterprise Security 10-09-2019
0 3
0
3
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Think Like an Architect: Introducing the Splunk Certified Cybersecurity Defense ...

In cybersecurity, defenders respond to threats. Architects design the systems that stop them.    As ...

Best Practices: Splunk auto adjust pipeline queue

When you enable autoAdjustQueue in Splunk, maxSize should be understood as the queue size Splunk starts with ...