Splunk Enterprise Security

Community Activity
arun_kant_sharm
Hi Experts, I am new to Splunk, especially to creating a Splunk distributed environment. To enable SSL on splunkWeb...
by arun_kant_sharm Path Finder in Splunk Enterprise Security 08-22-2019
richardphung
Greetings... We are currently using ES and ingesting data from our IDS and AV to populate the Malware DataModel. Acc...
by richardphung Communicator in Splunk Enterprise Security 08-22-2019
aalhabbash1
Hi Splunkers; Before was Asset Center and Identity Center dashboards takes results from assets.csv and identities.cs...
by aalhabbash1 Path Finder in Splunk Enterprise Security 08-21-2019
chrisschum
I have a dashboard with multiple panels, some of which provide hostnames and others that do not (some coming from A...
by chrisschum Path Finder in Splunk Enterprise Security 08-21-2019
logloganathan
Hi, i have two files | inputlookup ABC | stat count result=10 | inputlookup XYZ | stat count result=20 i want ...
by logloganathan Motivator in Splunk Enterprise Security 08-20-2019
robinsplunk161
Through BURP scan reports we could find https://www.cvedetails.com/cve/CVE-2016-7103/ vulnerability reported in Splun...
by robinsplunk161 New Member in Splunk Enterprise Security 08-20-2019
tonymorin
Correlation Search, you throttling them based on fields for a Window duration. Where does Splunk store the fields ans...
by tonymorin Explorer in Splunk Enterprise Security 08-20-2019
paola92
I installed Forescout App and Add-ons for Splunk Enterprise Security but I receive an alert and the active alerts is not...
by paola92 Explorer in Splunk Enterprise Security 08-20-2019
smitt66
Hello, I'm trying to access the Phantom web servers but when I use the IP address into Chrome, it says it "refused to...
by smitt66 Engager in Splunk Enterprise Security 08-19-2019
jacqu3sy
Hi, How can I prevent the Splunk Nix TA from mapping the following event to a 'Failed Login' within the Authenticati...
by jacqu3sy Path Finder in Splunk Enterprise Security 08-15-2019
satyaallaparthi
Hello, We created a notable event for DLP which is creating Contributing Events: DLP Drilldown for 652837 whenever ...
by satyaallaparthi Communicator in Splunk Enterprise Security 08-15-2019
danielbb
I'm looking at a sample correlation search called Abnormally High Number of HTTP Method Events By Src - | tstats `su...
by danielbb Motivator in Splunk Enterprise Security 08-15-2019
shayvdee
Hi All, Sorry, this might be an obvious one but I'm having trouble finding information on this specific problem. I h...
by shayvdee Explorer in Splunk Enterprise Security 08-15-2019
danielbb
The TA mapped our bluecoat index as a Web cim compliant. Looking at our bluecoat index and reports we built on top an...
by danielbb Motivator in Splunk Enterprise Security 08-15-2019
wgawhh5hbnht
The following 3 Correlation Searches within ES have the error "lookup file is not populated": Detect AWS Console Lo...
by wgawhh5hbnht Communicator in Splunk Enterprise Security 08-15-2019
yossefn
Hi, I have SMS alerts sent to me as an action of Splunk alert. I have successfully passed the arguments that availa...
by yossefn Path Finder in Splunk Enterprise Security 08-15-2019
satyaallaparthi
Hello, I am getting successful logins from each server which is like 4000 per day from Each server. But some days t...
by satyaallaparthi Communicator in Splunk Enterprise Security 08-14-2019
ajhsjahdpgjhapi
Attempting to ingest feeds from FS-ISAC into ES. I can see in splunk that a file is created: 2018-06-19 17:01:28,107...
by ajhsjahdpgjhapi Engager in Splunk Enterprise Security 08-14-2019
vishwanadhan_mu
Ex: query=google.com , yahoo.com src= xyz-pc , abc-pc I want to know the count of queries to each domain queried by ...
by vishwanadhan_mu Explorer in Splunk Enterprise Security 08-14-2019
shayvdee
Hi, Trying to build a use case which looks at user logins and stores the Count, Earliest and Latest times on a per u...
by shayvdee Explorer in Splunk Enterprise Security 08-13-2019
vishwanadhan_mu
Hi All, Could you please help me in writing a query for the below scenario: I want to find a src computer which is try...
by vishwanadhan_mu Explorer in Splunk Enterprise Security 08-13-2019
yanhu
Not able to find any document about macro geodistance; the units="m", is it mile or meter?
by yanhu Engager in Splunk Enterprise Security 08-13-2019
guarisma
Please add an input configuration that pulls the Activity Logs already parsed for the C.I.M Data models. From the AP...
by guarisma Contributor in Splunk Enterprise Security 08-13-2019
singhvishakha29
Hi All, I was able to configure and follow the authorization steps 1 and 2. The only logs I am receiving are error l...
by singhvishakha29 Engager in Splunk Enterprise Security 08-13-2019
hettervik
Hi. We've just installed Splunk ES and want to utilize the notable event functions. I know there is some correlation...
by hettervik Builder in Splunk Enterprise Security 08-12-2019