Splunk Enterprise Security

Community Activity
danielbb
I try to assign an event to myself, but I get the following message -- Unable to change 1 events: The search is n...
by danielbb Motivator in Splunk Enterprise Security 09-13-2019
0 2
danielbb
I go to Configure > Content > Use Case Library. It shows this nice page but I can't view all the use cases. Meaning...
by danielbb Motivator in Splunk Enterprise Security 09-12-2019
0 4
snigdhasaxena
This is a dependent dropdown. Since the token in query, ac_domain has value, customer_name. index has fields aws_acc...
by snigdhasaxena Communicator in Splunk Enterprise Security 09-12-2019
0 0
danielbb
I'm looking at the Web datamodel and try to determine which fields are populated. I can do : | tstats dc(sourcetyp...
by danielbb Motivator in Splunk Enterprise Security 09-12-2019
0 5
mrockowitz_splu
0
2
gf13579
I have a significant number of Notables raised by the Substantial Increase in Port Activity correlation search. Pick...
by gf13579 Communicator in Splunk Enterprise Security 09-11-2019
0 10
satyaallaparthi
Hello, My scheduled jobs are skipping all the time and getting the following reasons: The maximum number of concurrent ...
by satyaallaparthi Communicator in Splunk Enterprise Security 09-11-2019
0 5
jamolson
Hello again everyone, Was wondering if anyone has been able to get Phantom Playbook Prompts to be able to nest respo...
by jamolson Path Finder in Splunk Enterprise Security 09-10-2019
0 1
mmoermans
Hi, In ES there is a bogonlist included with subnet masks for bogus ip ranges. How is this used standard in Splunk E...
by mmoermans Path Finder in Splunk Enterprise Security 09-10-2019
0 1
singhvishakha29
Hi All, I tried to install the app "G-Suite For Splunk" and was able to do both the authentications successfully. Wh...
by singhvishakha29 Engager in Splunk Enterprise Security 09-10-2019
0 0
bestSplunker
Hi, everyone! Recently my Splunk always received the following error message. I suspect it is a problem for splunk E...
by bestSplunker Contributor in Splunk Enterprise Security 09-10-2019
1 5
andresito123
I have changed the identities.csv and prolonged the expiration of an identity. However, the alert keeps getting trigge...
by andresito123 Communicator in Splunk Enterprise Security 09-10-2019
0 2
splunk2019vg
Hi Experts, My Splunk SIEM sandbox never opened. I have received an email which has link to open sandbox and from y...
by splunk2019vg New Member in Splunk Enterprise Security 09-09-2019
0 1
irsysintegratio
Hello, We have an AR Action, and it works fine with correlation search. But when we try to invoke it as adhoc action...
by irsysintegratio Path Finder in Splunk Enterprise Security 09-09-2019
0 13
reubenjoseph
We have created a large amount of custom Adaptive response actions that primarily consist of actions that fetch infor...
by reubenjoseph Explorer in Splunk Enterprise Security 09-09-2019
0 6
dillardo_2
From the Monitoring Console: Health Check: msg="A script exited abnormally with exit status: 4" input="./opt/splunk...
by dillardo_2 Path Finder in Splunk Enterprise Security 09-09-2019
0 3
rupeshn
index="A" sourcetype=B action=Yes | search NOT [ search index="A" sourcetype=B action="No" | fields User ] | stats co...
by rupeshn Explorer in Splunk Enterprise Security 09-09-2019
1 11
gcusello
Hi at all, I have the following architecture: 2 clustered Indexers, 2 Search Heads, 1 Master Node, 1 Deployment Server....
by gcusello SplunkTrust in Splunk Enterprise Security 09-09-2019
0 5
smote01
I wanted to take malicious IP's/URL's that the threat Intel feeds provides and compare them against logs/traffic we s...
by smote01 New Member in Splunk Enterprise Security 09-05-2019
0 0
shrutheen
I want to add a new Security Domain called "Email" in Enterprise Security (ES) App and later map it to notables. Righ...
by shrutheen Explorer in Splunk Enterprise Security 09-05-2019
1 1
santosh_scb
Hi Team, We are performing Splunk ES upgrade from 4.7.1 to 5.2.0. Post upgrade, I have few .xml, .json files that ne...
by santosh_scb Path Finder in Splunk Enterprise Security 09-04-2019
0 2
willadams
We have recently installed Enterprise Security and have enabled a few use cases. This was done with the guidance of ...
by willadams Contributor in Splunk Enterprise Security 09-04-2019
0 2
sylim_splunk
When creating a managed lookup and the destination app is chosen to be a custom app we made (that ES inherits), it cr...
by sylim_splunk Splunk Employee in Splunk Enterprise Security 09-04-2019
1 1
LukeMurphey
I have a Correlation Search that didn't generate notable events in a couple where I think it should have. How can I d...
by LukeMurphey Champion in Splunk Enterprise Security 09-04-2019
1 4
lucas4394
How to exclude some indexes from authentication data model? We have some indexes such as lastchanceindex, but eventty...
by lucas4394 Path Finder in Splunk Enterprise Security 09-03-2019
0 4