Splunk Enterprise Security

Thread Info

install and update Splunk Enterprise Security

"El servidor que aloja Splunk Enterprise no tiene acceso a Internet sin restricciones por razones de seguridad. Es ne...

by Observer in

Splunk Enterprise Security: How can I change the sort order of the incident review page?

How can I change the sort order of the incident review page within Splunk Enterprise Security? The default appears to...

by Path Finder in

Development: Where can I access the Assign to Me button functionality

I am developing a small app to add a quick assign button to events in the Incident Review board. Currently, if you...

by Engager in

Best practice to get local time of event

Please advise on the optimal solution for this business task. I have a set of events with the following fields: ...

by Path Finder in

How to generate a report based on utilisation of Enterprise Security

Hello, is it possible to analyse the utilisation of enterprise security, I assume it is currently not used in o...

by Engager in

Where to add custom artifact types to use in the workbench?

Hello everyoneIn the Investigation view, in the Workbench section, I want to add a different artifact type than the o...

by Loves-to-Learn Lots in

sysmon fields mapping to endpoint datamodel

I'm trying to look for refernce or documintation that shows me which fields in sysmon logs should be mapped to which ...

by Engager in

Where to add custom artifact types to use in the workbench?

Hello everyoneIn the Investigation view, in the Workbench section, I want to add a different artifact type than the o...

by Contributor in

app ES Content Updates disable

Hi, Will disable the app (ES Content Updates) affect the functionality of Enterprise Security? Thanks Regards ...

by Engager in

Encountered the following error while trying to update: Importing the following role(s) creates a cycle in role inheritance: can_delete, phantom, power, splunk-system-role, user

i got following Error Message While adding Capabilities in Splunk "Encountered the following error while trying to u...

by New Member in

threat intelligence

I am subscribed to a 3rd party threat intelligence called Group-IB. I have the Group-IBapp for splunk installed on m...

by Loves-to-Learn in

Group-IB Threat Intelligence

Hi Splunkers, we have ingested Threat Intelligence Feeds from Group-IB into Splunk, we want to benefit from th...

by Explorer in

How to Identifying XSOAR-Monitored Correlation Searches in Splunk ES

Hello,I'd like to know how to locate the correlation searches that XSOAR is monitoring, rather than the incident revi...

by Builder in

Notable Dashboard for User activity

Dear All, To create the below table for the Notable dashboard in ES, can you please advise. Thanks User1 User1...

by Explorer in

Splunk time parse

Hi, Splunk usually takes the log time event (_time) and parse it to: date_hour, date_mday, date_minute, date_mon...

by Path Finder in

Health warning or error

We have a sandbox environment with vpsphere and it works mostly just fine we believe the time sync is corect becau...

by Path Finder in

Sendemail command email body

Hi All,I am using send email command to send csv file to different recepients based on the search . | eval ...

by Path Finder in

$SPLUNK_HOME/var/lib/splunk/modinputs taking up disk space

Hi All, The data checkpoint file for cloudtrail logs is taking up a lot of disk space (over 100 GB). Is this a nor...

by Engager in

Splunk Enterprise security Audit logs API

How can we fetch the events performed by users in Splunk Enterprise security product from API's?

by Engager in

inputintelligence command not working

hi When I type this command, the following error message is displayed. | inputintelligence mitre_attack error c...

by Loves-to-Learn Lots in

Linux Logs

I am working on Linux based usecases that are available in Splunk ESCU. Most of the usecases are using Endpoint. proc...

by Engager in

Where does the information related to Splunk Investigation get store in Splunk ?

Where is the data from the Splunk Enterprise Security (ES) Investigation Panel stored?In the previous version, it see...

by New Member in

Search for Alert Monitoring.

hello, Could anyone assist me in creating a correlation search to detect triggered alerts across all searches. This...

by Builder in

Issues with pan: Why is firewall_cloud parser not parsing logs from Cortex Data Lake?

We are having issues with pan:firewall_cloud parser (which came with the Palo Alto Netowrks Add-on) not parsing logs ...

by Engager in

How to create separate incident review dashboard for different team.

Dear All, Please suggest how to create separate incident review dashboard for different team.OR How the notable wil...

by Explorer in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Enterprise Security

Discussions

install and update Splunk Enterprise Security

Splunk Enterprise Security: How can I change the sort order of the incident review page?

Development: Where can I access the Assign to Me button functionality

Best practice to get local time of event

How to generate a report based on utilisation of Enterprise Security

Where to add custom artifact types to use in the workbench?

sysmon fields mapping to endpoint datamodel

Where to add custom artifact types to use in the workbench?

app ES Content Updates disable

Encountered the following error while trying to update: Importing the following role(s) creates a cycle in role inheritance: can_delete, phantom, power, splunk-system-role, user

threat intelligence

Group-IB Threat Intelligence

How to Identifying XSOAR-Monitored Correlation Searches in Splunk ES

Notable Dashboard for User activity

Splunk time parse

Health warning or error

Sendemail command email body

$SPLUNK_HOME/var/lib/splunk/modinputs taking up disk space

Splunk Enterprise security Audit logs API

inputintelligence command not working

Linux Logs

Where does the information related to Splunk Investigation get store in Splunk ?

Search for Alert Monitoring.

Issues with pan: Why is firewall_cloud parser not parsing logs from Cortex Data Lake?

How to create separate incident review dashboard for different team.

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Anatomy of a Successful Migration with Pizza Hut

ES Notable Security Domain Issue

adding a custom field to notable and update the va...

es_notable_events Query

Saved Search in Source Code