Splunk Enterprise Security

Community Activity

We are attempting to setup local lookup file as a threat intelligence download ( as per https://docs.splunk.com/Documentation/ES/5.3.0/Admin/Addthreatintelcustomlookup) . and are unable to use th... by rbal_splunk Splunk Employee in Splunk Enterprise Security 08-30-2019 0 2	0	2
Problem on Changing Syslog Sourcetype The problem is on changing syslog sourcetype into another one. I read all splunk answer about it. I am following the ... by element1314 New Member in Splunk Enterprise Security 08-29-2019 0 1	0	1
How to track inbound and outbound traffic from firewall logs Hi helpful people, I am trying to create a use case which will monitor source and destination traffic(like both comm... by ashferns08 Engager in Splunk Enterprise Security 08-29-2019 0 3	0	3
add variables into serach name under correlation search can we add certain variables like $src$ \| $dest$ into search name: actually we are sending... by riqbal47010 Path Finder in Splunk Enterprise Security 08-29-2019 0 1	0	1
Help with regex to print the value Total_bytes_recv and Total_bytes_send from log Log: Aug 28 17:46:20 192.168.111.14 08/28/2019:16:46:18 GMT 0-PPE-0 : default TCP OTHERCONN_DELINK 1091143 0 : Sourc... by sarbankumar New Member in Splunk Enterprise Security 08-29-2019 0 6	0	6
How to get correlation searches to trigger on older data? We had an incident on a device that we had not had a chance to ingest logs into Splunk. That incident occurred 2 week... by nb1030 New Member in Splunk Enterprise Security 08-28-2019 0 3	0	3
How do I merge two searches into one, and have all the fields filled in? I have two seperate searches that I appended together, but I only need one field out of the second search. My proble... by ESPrioleau New Member in Splunk Enterprise Security 08-28-2019 0 2	0	2
How can end user help improve overall Splunk Enterprise Security speed? My Splunk Admin is the landlord and I'm the tenant. Let's say the landlord is dealing with personal matters and canno... by jsven7 Communicator in Splunk Enterprise Security 08-28-2019 0 2	0	2
Datamodel status building since long I have Email datamodel that ships alongwith Splunk ES. It's in building status and it's accelerated too. How to trou... by snigdhasaxena Communicator in Splunk Enterprise Security 08-26-2019 0 3	0	3
How to Add Workflow Search Action under notable event From a Splunk custom App, I need to add the workflow action which should be displayed under the Actions menu for the ... by gsabhay77 Explorer in Splunk Enterprise Security 08-26-2019 0 2	0	2
Difference between Palo alto all indecent and ES notable events? Hi Splunkers, We are getting critical incidents in Palo alto All incidents dashboard. We configured ES threat activ... by p_gurav Champion in Splunk Enterprise Security 08-26-2019 0 1	0	1
Help with Suspect IP hits to my web. Hello, I have WEB IIS Logs. we have IP addresses in the web logs and want to know when web hits from suspect IP's ... by satyaallaparthi Communicator in Splunk Enterprise Security 08-23-2019 0 5	0	5
Can a Splunk Heavy Forwarder send data via UDP or does it have to be TCP? Can a Splunk Heavy Forwarder send data via UDP or does it have to be TCP? We need to implement a one-way transfer ... by thomasaporter Explorer in Splunk Enterprise Security 08-23-2019 1 4	1	4
Current User Variable within Adaptive Response We're using an adaptive response rule to create tickets for our notable events. One item that I need is the current l... by ericl42 Path Finder in Splunk Enterprise Security 08-22-2019 0 3	0	3
Enterprise Security: why don't the events get indexed to the notable index? This one is, in a sense, a continuation of Enterprise Security: How can I trace the notable events? Running - index=... by danielbb Motivator in Splunk Enterprise Security 08-22-2019 0 4	0	4
When upgrading Splunk Enterprise Security from 4.7.x to 5.2.2, should we plan incremental upgrades? Hello, I just wanted a confirmation if the following upgrade paths are supported. My organization plans to do the f... by plimon Explorer in Splunk Enterprise Security 08-22-2019 0 5	0	5
Check secure communication establish between search head and indexer Hi Experts, I am new in Splunk, especially in a Splunk distributed environment creation. For enable SSL on splunkWeb... by arun_kant_sharm Path Finder in Splunk Enterprise Security 08-22-2019 0 1	0	1
CIM malware actions Greetings... We are currently using ES and ingesting data from our IDS and AV to populate the Malware DataModel. Acc... by richardphung Communicator in Splunk Enterprise Security 08-22-2019 0 1	0	1
The Asset Center and Identity Center dashboard. Hi Splunkers; Before was Asset Center and Identity Center dashboards takes results from assets.csv and identities.cs... by aalhabbash1 Path Finder in Splunk Enterprise Security 08-21-2019 0 9	0	9
Omit Token Value from Results on 1 Panel I'm have a dashboard with multiple panels, some of which provide hostnames and others that do not (some coming from A... by chrisschum Path Finder in Splunk Enterprise Security 08-21-2019 0 4	0	4
Can you help me count the following two files? Hi, i have two files \| inputlookup ABC \| stat count result=10 \| inputlookup XYZ \| stat count result=20 i want ... by logloganathan Motivator in Splunk Enterprise Security 08-20-2019 0 6	0	6
CVE-2016-7103 vulnerability is detected in Splunk 6.6.6 Through BURP scan reports we could find https://www.cvedetails.com/cve/CVE-2016-7103/ vulnerability reported in Splun... by robinsplunk161 New Member in Splunk Enterprise Security 08-20-2019 0 0	0	0
Where is the search Throttling fields table storied? and can you search for an value in it? Correlation Search, you throttling them based on fields for a Window duration. Where does Splunk store the fields ans... by tonymorin Explorer in Splunk Enterprise Security 08-20-2019 2 0	2	0
Why do I have error with ForeScout Adaptative Response Add-on about retrieve alert actions? I install Forescout App and Add-ons for Splunk Enterprise Security but I receive a alert and the active alerts is not... by paola92 Explorer in Splunk Enterprise Security 08-20-2019 0 4	0	4
Splunk Enterprise Security: Phantom IP address "refused to connect" on Google Chrome Hello, I'm trying to access the Phantom web servers but when I use the IP address into Chrome, it says it "refused to... by smitt66 Engager in Splunk Enterprise Security 08-19-2019 0 3	0	3