Splunk Enterprise Security

Community Activity
aaronjamili
Hi all, I'm trying to figure out a way to edit the alert that is sent to PagerDuty. Currently I have a bunch of alerts ...
by aaronjamili New Member in Splunk Enterprise Security 11-12-2024
0 0
YahiaEissa
So for our graduation project, we've decided to use Splunk SIEM as our base app to build on. However, on further insp...
by YahiaEissa New Member in Splunk Enterprise Security 11-09-2024
0 1
CyberWolf
I have an SPLQ that I'm trying to collect all domains from raw logs, but my regex is capturing only one domain. In a ...
by CyberWolf Path Finder in Splunk Enterprise Security 11-08-2024
0 4
SplunkExplorer
Hi Splunkers, we have a SH with Splunk Enterprise Security installed on it. It is a standalone instance that query so...
by SplunkExplorer Contributor in Splunk Enterprise Security 10-31-2024
0 1
pradeep577
Hi, can anybody help me to get some use cases for Darktrace. Right now I am looking only for score value.
by pradeep577 Path Finder in Splunk Enterprise Security 10-30-2024
0 4
splunkerarijit
Hello, we have been facing a weird error suddenly, wherein our production Splunk Cloud Enterprise Security Incident Re...
by splunkerarijit New Member in Splunk Enterprise Security 10-30-2024
0 1
akulg
Hi, our company does not yet have Splunk Enterprise Security, but we are considering getting it. Currently, our secur...
by akulg Engager in Splunk Enterprise Security 10-28-2024
0 1
rvnk
I am a grad student and I recently gave a quiz on Splunk. There was a true/false question. Q: Splunk Alerts can be cre...
by rvnk Engager in Splunk Enterprise Security 10-27-2024
0 1
hofer_emma
Right now I have an issue with duplicate notables. I want to make it so a notable will only re-generate if there have...
by hofer_emma Loves-to-Learn Lots in Splunk Enterprise Security 10-25-2024
0 0
bluewizard
      | stats count | eval _time="1685158808" | eval rule_title="Test notable" | eval security_domain="Network" | e...
by bluewizard Explorer in Splunk Enterprise Security 10-22-2024
0 3
jrballesteros05
Hello everybody. I deployed a Splunk Enterprise Security in a distributed environment for our customer. He also has...
by jrballesteros05 Communicator in Splunk Enterprise Security 10-22-2024
1 9
sajith
I recently upgraded Splunk Enterprise from version 9.1.0.2 to 9.3.1, and I've encountered an issue where the menu bar...
by sajith Loves-to-Learn in Splunk Enterprise Security 10-21-2024
0 5
BGrdickson
Hi guys, I have configured my ServiceNow integration with Splunk and it works fine, we can create notables from any...
by BGrdickson Explorer in Splunk Enterprise Security 10-17-2024
1 9
niks987
Hi All, hope you all are doing well. I am very new to Splunk Enterprise Security, and I need your help to understand h...
by niks987 Explorer in Splunk Enterprise Security 10-17-2024
0 1
JackieTech
Hi all, I am trying to install Splunk Security Essentials into a single instance of Splunk with a downloaded file of ...
by JackieTech Explorer in Splunk Enterprise Security 10-16-2024
0 14
martaBenedetti
Hi, I'm trying to configure Drill-down Earliest Offset in my Notable from Adaptive Response Action. I'd like to run t...
by martaBenedetti Path Finder in Splunk Enterprise Security 10-14-2024
0 7
oz_dg
Hi everyone, am having issues with the configuration of the AlienVault OTX feed in Splunk ES and would appreciate any ...
by oz_dg Explorer in Splunk Enterprise Security 10-14-2024
2 7
manikanthkoti
Hi everyone, Can you please help us to make the Secure cookies by doing below things. Setting HTTPOnly Flag to splu...
by manikanthkoti Explorer in Splunk Enterprise Security 10-07-2024
1 1
brownbag
I've seen someone use this traffic search function but can't find it myself: How can I access this traffic search func...
by brownbag Engager in Splunk Enterprise Security 10-03-2024
0 3
mjuestel2
Greetings, I found some useful savedsearches under SA-AccessProtection / DA-ESS-AccessProtection, which I am intereste...
by mjuestel2 Path Finder in Splunk Enterprise Security 10-02-2024
0 0
KingUs80
I'm trying to resolve an issue where Splunk sends email reports, but the information exported as an attachment uses a...
by KingUs80 Loves-to-Learn Lots in Splunk Enterprise Security 09-30-2024
0 5
Joesplunk
How to fix "Could not load lookup=LOOKUP-autolookup_prices"
by Joesplunk New Member in Splunk Enterprise Security 09-26-2024
0 1
jfournet
I am using the following HTML for my alert action data entry screen. The tenant multi-select does not show up in the...
by jfournet New Member in Splunk Enterprise Security 09-23-2024
0 0
echojacques
In Enterprise Security, you can configure Notable Event Suppressions. When adding/editing a suppression, which file ...
by echojacques Builder in Splunk Enterprise Security 09-23-2024
0 7
beano501
We are trying to ingest a STIX file into the Threat Intelligence Management, the STIX parses, but does not find anyth...
by beano501 Explorer in Splunk Enterprise Security 09-22-2024
0 1