Splunk Enterprise Security

Discussions

Thread Info

Enterprise Security: why the incidents don't show up in the lookup?

With all the help from @solarboyz1, the correlation searches produce now notable events, which show up in the Inciden...

by Motivator in

Enterprise Security: how long is a search accessible?

I try to assign an event to myself, but I get the following message - -- Unable to change 1 events: The search is...

by Motivator in

Splunk Enterprise Security: How to view all the use cases?

I go to Configure > Content > Use Case Library. It shows this nice page but I can't view all the use cases. Meaning...

by Motivator in

Dropdown: Could not create search

This is a dependent dropdown. since the token in query,ac_domain has value, customer_name. index has fields aws_acco...

by Communicator in

Enterprise Security: How to get a field break-down for a Web datamodel?

I'm looking at the Web datamodel and try to determine which fields are populated. I can do : | tstats dc(sourcety...

by Motivator in

In Enterprise Security's credential manager, are the passwords encrypted? If yes, what level of encryption is it?

This is just a question if credential manager uses encryption.

by Splunk Employee in

How can I troubleshoot the 'Substantial Increase in Port Activity' ES Correlation Search?

I have a significant number of Notables raised by the Substantial Increase in Port Activity correlation search. Pi...

by Communicator in

Need a help with skipped saved searches and help with calculation in limits

Hello, My schedule jobs are skipping all the time and getting following reasons: The maximum number of concurr...

by Communicator in

Phantom: Multiple Playbook Prompt Options

Hello again everyone, Was wondering if anyone has been able to get Phantom Playbook Prompts to be able to nest respo...

by Path Finder in

Bogon list

Hi, In ES there is a bogonlist included with subnet masks for bogus ip ranges. How is this used standard in Splunk...

by Path Finder in

G-Suite for Splunk: Error received when logging

Hi All, I tried to install the app "G-Suite For Splunk" and was able to do both the authentications successfully. ...

by Engager in

Error migrating deprecated review status transitions

hi ,everyone! Recently my splunk always received the following error message.I suspect it is a problem for splunk...

by Contributor in

Activity from expired identity keeps triggered although csv has been edited

I have changed the identities.csv and prolonged the expiration of an identity. However, the alert keep getting trigge...

by Communicator in

Splunk SIEM sanbox page stuck on authentication

Hi Experts, My Splunk SIEM sandbox never opened . I have received an email which has link to open sandbox and from...

by New Member in

Splunk Enterprise Security: Adaptive Response Action Adhoc invocation failed

Hello, We have an AR Action, and it works fine with correlation search. But when we try to invoke it as adhoc acti...

by Path Finder in

Adaptive response actions wont show up

We have created a large amount of custom Adaptive response actions that primarily consist of actions that fetch infor...

by Explorer in

Health Check: msg="A script exited abnormally with exit status: 4"

From the Monitoring Console: Health Check: msg="A script exited abnormally with exit status: 4" input="./opt/splu...

by Path Finder in

Comparing results from two searches

index="A" sourcetype=B action=Yes | search NOT [ search index="A" sourcetype=B action="No" | fields User ] | stats co...

by Explorer in

Use Monitoring Console to monitor a Search Head with Enterprise Security

Hi at all, I have the following architecture: 2 clustered Indexers,2 Search Heads,1 Master Node,1 Deployment Serve...

by Esteemed Legend in

How to create a correlation search from a threat intelligence feed

I wanted to take malicious IP's/URL's that the threat Intel feeds provides and compare them against logs/traffic we s...

by New Member in

Get Updates on the Splunk Community!

Splunk Enterprise Security

Discussions

Enterprise Security: why the incidents don't show up in the lookup?

Enterprise Security: how long is a search accessible?

Splunk Enterprise Security: How to view all the use cases?

Dropdown: Could not create search

Enterprise Security: How to get a field break-down for a Web datamodel?

In Enterprise Security's credential manager, are the passwords encrypted? If yes, what level of encryption is it?

How can I troubleshoot the 'Substantial Increase in Port Activity' ES Correlation Search?

Need a help with skipped saved searches and help with calculation in limits

Phantom: Multiple Playbook Prompt Options

Bogon list

G-Suite for Splunk: Error received when logging

Error migrating deprecated review status transitions

Activity from expired identity keeps triggered although csv has been edited

Splunk SIEM sanbox page stuck on authentication

Splunk Enterprise Security: Adaptive Response Action Adhoc invocation failed

Adaptive response actions wont show up

Health Check: msg="A script exited abnormally with exit status: 4"

Comparing results from two searches

Use Monitoring Console to monitor a Search Head with Enterprise Security

How to create a correlation search from a threat intelligence feed

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

What is the "enable to risk index" and "enable to ...

Strange CIM Issues- How would we fix?

Getting error while installing enterprise security...

Why is Splunk tag for key value pair not appearing...

How to identify null valued fields in the index?